SonicWALL ViewPoint User's Guide
Contents
1. RADIUS Authentication failed RADIUS Authentication failed RADIUS Access Request from Client Received RADIUS ACCESS REQUEST Client Drop RADIUS ACCESS_REQUEST Bad pending SA pointer RADIUS Cannot match reply to pending session RADIUS Received unknown attribute Login halted Client Received unknown attribute No ACCESS CHALLENGE sent Client RADIUS Bad Checksum Software error from Received RADIUS packet with bad checksum Client Frame allocation error No ACCESS CHALLENGE sent Client SYSTEM CAPACITY Frame allocation NO RADIUS Challenge sent to Client Inactive Session terminated RADIUS Inactivity triggered Session terminated Computed hash does not match received hash Auth Server RADIUS Server Configuration Error Check shared key to No pending client request Drop RADIUS frame Client RADIUS No pending client request Drop request from Client RADIUS Invalid Access Code Potential intrusion from Client Received RADIUS packet with invalid ACCESS code Client Bad Pending SA pointer type SYSTEM ERROR Call Customer Service SA pointer type Drop duplicate RADIUS ACCESS REQUEST Client RADIUS Duplicate Request Possible intrusion from 164 SonicWALL ViewPoint User s Guide RADIUS Invalid packet Possible intrusion from Received invalid RADIUS packe2. SYSTEM ERROR The DEC ethernet interface 0 stopped transmitting due to an abnormal interrupt CA certificate not found in list COMFIG PKI Check configuration Referenced CA certificate not loaded CA certificate lookup hash COMFIG PKI Check configuration Reload CA certificate Found CA certificate in CA certificate list PKI Success Found CA certificate Certificate verified but invalid PKI Certificate is invalid PKI IDS Verify CA signature failed Verify CA signature failed COMFIG PKI Check Policy certificate and policy names do not match Distinguished name in the Certificate does not match with the policy entry PKI Signature Algorithm mismatch is X 509 certificate Signature Algorithm mismatch is X 509 certificate DSS p value PKI DSS p value DSS q value PKI DSS q value DSS g value PKI DSS g value ARP No ARP entry for destination No ARP entry for destination ARP Received Delayed ARP reply Source Received Delayed ARP reply Source ARP No ARP response Destination No ARP response Destination ARP Duplicate ARP response Source 160 SonicWALL ViewPoint User s Guide Duplicate ARP response Source Save DHCP address in NVM success Peer Hostname DHCP IP Save DHCP address in NVM success Peer DHCP DHCP Saved DHCP Record
3. https 10 0 14 158 sams auth x Go Links P Search web go PeseRank h 847 blocked YE AutoFill a Options A orts svidfw00 Scheduled Reports user admin Logout SE MyReportsView pem gateway sonicwall com m MyGateway m MyTzw m sviOfw00 E Multiple Day EMail Report Configuration onono mail sonicwall com oon E 000661020738 SONICWALL fone SonicWALL ViewPoint 8 Error on page Internet 2 Enter a name for the report in the Scheduled Report Name field 3 To send the report select the Email check box 4 By default SonicWALL ViewPoint will use the Simple Mail Transfer Protocol SMTP server that was speci fied during installation To change it enter the IP address or hostname of the SMTP server in the SMTP Server Address field 5 Enter the Destination e mail addresses in the Destination Email Addresses field Make sure each e mail address is separated by a semicolon 6 By default SonicWALL ViewPoint will use the e mail address of the user logged into SonicWALL ViewPoint as the Sender e mail address To change it enter a new Sender e mail address in the Source Email Address field 7 Enter the Subject Line that will appear in reports sent from SonicWALL ViewPoint in the Email Subject field 8 Enter text that will appear in the message body in the Email Body field 9 To copy the contents of the report into the body of the email message select the Send Reports In
4. 10 50 164 65 LAN Advanced 10 50 164 65 DHCP AN VPN 10 50 164 65 avis _ cy High Arai Source LAN TRR F a a amp amp amp 8 Click Add New Rule The Add Network Access Rule dialog box appears Figure 13 Figure 13 Add Network Access Rule Dialog Box Add Rule Microsoft Internet Explorer Add Network Access Rule Action Allow Service HTTP Management x Interface Addr Range Begin Addr Range End Source WAN v L Destination Management Interface Apply this rule always tol i 24 Hour Format Sun ylto Sun v Inactivity Timeout in Minutes 30 Allow Fragmented Packets update Jf Reset 9 Create a rule that allows SonicWALL ViewPoint to access your SonicWALL appliance using HTTPS HTTPS Management service from the WAN and click Update The rule is added Note If your SonicWALL ViewPoint server is behind a firewall you need to ensure the syslog traffic can reach the SonicWALL ViewPoint server To do this add the IP address of the firewall as the syslog server in your SonicWALL appliance and provide a rule in the firewall to allow syslog traffic from your SonicWALL appliance to the Son icWALL ViewPoint server Note If SonicWALL ViewPoint is located on the WAN side of your SonicWALL appliance and behind a firewall and there is a VPN tunnel between your SonicWALL appliance and the firewall SonicWALL ViewPoint can access
5. Microsoft Internet Explorer File Edit View Favorites Tools Help Om DAG Powe pero Smee O 2 SSIOLE Address B https 10 0 14 158 samsfauth PageRank Eh 847 blocked f autoril fal Options MyReports view Services vir MyGateway MyTzw svl0fwOO Services for SonicWALLs Custom Service Authentication 113 6 Name Service DNS 53 17 Enhanced TV 9000 6 IPSec ESP 0 50 Filemaker 5003 6 17 File Transfer FTP 21 6 Gopher 70 6 Video Conference H323 1720 6 Web HTTP 80 6 HTTPS 443 6 Key Exchange IKE 500 17 IMAP3 220 6 SONICWALL Tet SonicWALL ViewPoint javascriptisubmitservice_task i Internet To add a known service select it from the Known Services list box and click Add To add a custom service enter a name in the Name field enter the service s port range and select the protocols that it uses from the Protocol list box Then click Add To delete a service select it and click Delete Viewing Reports 53 Viewing Web Usage Reports Web usage reports provide information on the amount of web usage that occurs through the selected SonicWALL appliance s Web usage reports can be used to view web bandwidth usage by the hour day or over a period of days Addition ally you can view the top users of web bandwidth and view the most visited sites Note All reports appear in the Firewalls time zone Select from
6. o a ot yl update Weekly Reports Last Sent F a Gren frry Wen josizerzoos ilos wile ot jw update J o hemin 08022004 fas v os update Note You can reconfigure the Last Weekly Monthly Reports Sent dates to resend any missed reports Email Archive Configuration Web Server Details Following is the web server configuration information used by the Email Archive component se settings should be modified ONLY if the web server configuration has been changed ce Updates made here will NOT change the web server configuration this information is for the Email Archive component only Web Server Address i 27 0 0 1 SONICWALL SonicWALL ViewPoint Applet util started Internet 4 This page shows when the next scheduled archive time will occur and when the last weekly and monthly reports were sent 5 To set the next archive time enter the date and time in the Next Scheduled Email Archive Time fields and click Update 6 To change the timestamp of the last weekly report enter the date and time in the Weekly Reports Last Sent fields and click Update 7 To change the timestamp of the last monthly report enter the date and time in the Monthly Reports Last Sent fields and click Update 8 Ifthe web server address port or protocol has changed since installation this will affect reporting and you should enter the new address port and protocol in the Current Web Server Configuration section 9 When you a
7. Click Submit The SonicWALL ViewPoint UI opens 4 To logout click the Logout button in the SonicWALL ViewPoint UI Installing SonicWALL ViewPoint 17 Registering SonicWALL ViewPoint To register SonicWALL ViewPoint follow these steps Create a mysonicwall com account see Creating a mysonicwall com Account on page 18 Register the SonicWALL appliance see Registering the SonicWALL Appliance on page 18 Activate the ViewPoint Software see Activating the ViewPoint Software on page 18 Enable the ViewPoint license on the SonicWALL appliance see Enabling the ViewPoint License on the Son icWALL Appliance on page 19 Creating a mysonicwall com Account If you do not already have a mysonicwall com account open a web browser and navigate to the following website http www mysonicwall com Then follow the on screen prompts to create a user account Registering the SonicWALL Appliance To register the SonicWALL appliance follow these steps 1 2 Log on to mysonicwall com Click My Products The SonicWALL Product Registration page appears Figure 6 mysonicwall com Welcome Page Product Management Microsoft Internet Explorer File Edit View Favorites Tools Help Q sx 0 x 2 seach fe Favorites Amea 2 R B ttps www mysonicwall com Profie ProductManagement asp 7WwAlh gt COMPREHENSIVE HOME NEWS FIND A RESELLER CONTACT US SONICWALL INTERNET SECURITY SOLUTIONS
8. Logged in bgutz2 MY PRODUCTS ORDER HISTORY ff VIEW CART E LoGouT Manage or register new products REGISTERED PRODUCTS To view associated Service Details or buy New Services click on the Product Name NAME SERIAL NUMBER REG CODE 1 Seattle Firewall 0040100f88d1 10640668 ADD NEW PRODUCT Please enter the serial number of the new product to be registered You may also specify a Friendly Name for the product 12 digit number on bottom of unit Serial Number Ex XXXX XXXX This is required for the SOHO TZW Products Authentication Code What is this Ex San Jose Branch Offi Friendly Name 3 Enter your SonicWALL serial number in the Serial Number field If you are registering a SonicWALL SOHO TZW enter the authentication code in the Authentication Code field Enter a descriptive name for the SonicWALL appliance in the Friendly Name field Click Register The mysonicwall com website registers the SonicWALL appliance Activating the ViewPoint Software To activate the SonicWALL ViewPoint software follow these steps 1 Log on to mysonicwall com 18 SonicWALL ViewPoint User s Guide 2 Click the label of the newly registered SonicWALL appliance The Service Management page appears Figure 7 Service Management Page Bi Service Management Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A QD seach gfe ravorites Aua O 2 2 mw LJ Address
9. MyTzw svl0fwO0 admin 192 168 252 12 Mon Jun 28 13 25 20 PDT 2004 Mon Jun 28 13 26 14 PDT 2004 admin 192 168 252 12 Mon Jun 28 13 27 41 PDT 2004 Mon Jun 28 13 27 44 PDT 2004 Sessions admin 10 0 202 29 Mon Jun 28 13 28 20 PDT 2004 Mon Jun 28 13 28 53 PDT 2004 eMail Alert Settings admin 10 0 202 29 Mon Jun 28 13 31 42 PDT 2004 Mon Jun 28 14 28 59 PDT 2004 admin 10 50 1891 99 Mon Jun 28 14 20 31 PDT 2004 Mon Jun 28 14 44 26 PDT 2004 ViewPoint Settings Alert Settings End selected sessions SONICWALL SonicWALL ViewPoint 4 Select the check box of each user to log off and click End selected sessions The selected users are logged off Configuring Email Alert Setting Notifications The email Alert Settings page specifies which email addresses receive email alerts and FYI messages during spe cific times To configure the alert notification settings follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Console Panel tab at the bottom of the SonicWALL ViewPoint user interface UI 3 Expand the Management tree and click email Alert Settings The email Alert Settings page appears Figure 24 Configuring ViewPoint 33 Figure 24 SonicWALL ViewPoint Alert Settings Page i SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A GD Preach she ravortes Aua O e Lia leas ENE Google PageRank Eh 847
10. PSearchwWeb g PageRank Eh 847 blocked FE A O Palontions MyReportsView Console Panel ViewPoint Settings user admin Logout SMTP Server Address mail sonicwall com Alert Settings Note To change the recipient email addresses please use the Console gt Management gt eMail Alert Settings Screen Sessions System Debug level 3 0 no debug 3 maximum debug eMail Alert Settings update J reset j SONICWALL Pen SonicWALL ViewPoint 4 Enter the IP address of the Simple Mail Transfer Protocol SMTP server in the SMTP Server Address field 5 Enter the sender s email address that will appear in messages sent from the SonicWALL ViewPoint in the View Point Sender s e Mail Address field 6 Select the amount of debug information that is stored from the System Debug Level field For no debugging enter 0 For verbose debugging enter 3 7 When you are finished click Update The ViewPoint settings are changed To clear the screen settings and start over click Reset Configuring Alert Settings The Alert Settings page specifies which email addresses receive alerts notifications during specific times To configure the alert notification settings follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Console Panel tab at the bottom of the SonicWALL ViewPoint user interface UI 3 Expand the Management tree and click Alert Settings The Alert Settings page appears Figure 22 Configurin
11. Select whether to display a chart and table or a table only 120 SonicWALL ViewPoint User s Guide 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Reports 121 Viewing Intrusion Prevention Reports The Intrusion Prevention Service IPS reports show the number of attempted intrusions that occurred during the specified time period Note All reports appear in the Firewall s time zone Select from the following To view a summary of the attacks see Viewing the Intrusion Prevention Summary Report on page 122 To view the attacks by attack category see Viewing the Intrusions by Destination on page 123 To view the attacks by source IP address see Viewing the Attacks by Source on page 112 To view a summary of the errors and exceptions see Viewing the Errors and Exceptions Report on page 113 To view attacks over a period of time see Viewing Attack Reports Over Time on page 115 To view errors and exceptions over a period of time see Viewing Errors Over Time on page 119 Viewi
12. a Intrusions Detected from June 22 2004 to June 27 2004 Bo eas ononon Intrusions of Intrusions 100 0 SONICWALL i SonicWALL ViewPoint Done internet 5 The bar graph displays the number of intrusions attempted each day of the specified time period 6 The table contains the following information e Date when the sample was taken e Intrusions number of intrusion attempts e of Intrusions percentage of intrusion attempts on this day compared to the time period For example if 10 000 intrusion attempts occurred during the time period and 1 000 intrusion attempts occurred on Thursday its of Intrusions field will display 10 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 139 Figure 139 Report Settings Dialog Box ViewPoint Date Range Selector SONICWALL 8 Select whether to display a chart and table or a table only 130 SonicWALL ViewPoint User s Guide 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your act
13. a Opening page https 10 0 14 158 sgms reportcontrol action showPage amp page reports topOver TimeReport jsp amp report_id 4508level 38n0 Internet 5 The bar graph displays the number of attacks attempted each day of the specified time period To view source and destination information on the individual attacks expand the category tree indicated by a sign 6 The table contains the following information e Category category of the attack e Attacks number of attacks e of Attacks percentage of attacks for this category compared to other categories For example if 5 000 attacks occurred during the time period and 1 000 attacks occurred for a category its of Attacks field will display 20 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 123 Figure 123 Report Settings Dialog Box ViewPoint Date Range Selector SONICWALL May 11 2004 May 10 2004 May 9 2004 May 8 2004 8 Select whether to display a chart and table or a table only Viewing Reports 117 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note The
14. e Date when the sample was taken e Connections number of mail messages e KBytes number of kilobytes transferred e of Usage percentage of kilobytes transferred during this day compared to the time period For exam ple if 10 000 kilobytes of mail was transferred during the time period and 2 500 kilobytes of mail was transferred on one day the of Usage field will display 25 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 93 Figure 93 Report Settings Dialog Box ViewPoint Date Range Selector X SONICWALL 8 Select whether to display a chart and table or a table only Viewing Reports 93 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Users of Mail Bandwidth Over Time The Top Users Over Time report displays the users who sent and received the most mail during the specified time period To view the Top Users Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the
15. entitled TEMPLATE FOLDER in the table The TEMPLATE FOLDER field specifies the partial folder name from where the custom templates are drawn Run the following SQL commands in the QueryAnalyzer to enable one or all of the current scheduled reports in the VP_EMAIL RECEIVERS table to pick up the custom templates from your newly created custom folder i e MyCustomTemplate USE SGMSDB UPDATE VP_EMATL RECEIVERS SET TEMPLATE FOLDER MyCustomReports WHERE ID x where x is the ID of the schedules report in the VP_EMAIL RECEIVERS table For all the current scheduled reports in the VP_EMAIL RECEIVERS table omit the WHERE ID x from the UPDATE command Now all reports in the scheduled report ID x pick up the customized templates from the MyCustomTemplate folder Note The TEMPLATE FOLDER field must contain the full path below the scheduledreports directory If the TEMPLATE FOLDER field is empty default report formats are used The SQL commands only apply to the current scheduled reports in the database i e in the VP_LEMAIL_RECEIVERS table If you create new sched uled reports from the UI or by using the CLI you must re execute the SOL commands for the newly created scheduled reports SonicWALL ViewPoint User s Guide Report File Elements The following table contains a list of all modifyable report elements Note When modifying JSP files you can change report values but do not modify the parameter or fi
16. https www mysonicwall com Profile ServiceManagement asp PRODUCTID 208SERIALNUMBER 0040 100f88d1 SONICWALL gt COMPREHENSIVE INTERNET SECURITY SOLUTIONS Logged in bgutz2 SERVICE MANAGEMENT HOME NEWS FIND A RESELLER CONTACT US ORDER HISTORY ff VIEW CART Sf IJ LoGouT Serial Number 0040100f88d1 Registration Code 10640668 Authencation Code Not Applicable Node Support 10 Product SOHO2 10 Platform TOSHIBA Trusted No You can manage this product by clicking the appropriate button MANAGE PRODUCT BREA mi Seattle Firewall APPLICABLE SERVICES BREAST Expiry Key 28 Feb 2001 ee nary REE Service Name Content Filter VPN Uparade VPN Client Upgrade Node Upgrade Premium Support Extended Warranty 29 Jan 2002 3 Locate the ViewPoint service and click its Activate button The Activate Service dialog box appears Enter the ViewPoint Activation Key in the Activation Key field The ViewPoint Activation Key is printed on the ViewPoint Software License Certificate shipped with the ViewPoint package Click Submit After the Activation Key is registered a ViewPoint License Key will appear Carefully write down the ViewPoint License Key in a safe place Enabling the ViewPoint License on the SonicWALL Appliance To enable the SonicWALL ViewPoint license follow these steps 1 Log into the SonicWALL appliance 2 Expand the Log tree and click V
17. 115 118 209 sonicwall com nbc com 10 0 30 57 c400 6482 sv us sonicwall com JEREMY 2K rlinford 6628 sv us sonicwall com mhickey 6453 sv us sonicwall com 5 The pie chart displays the percentage of each source 6 The table contains the following information e Source the source that made the request e Intrusion Prevention number of intrusions e of Intrusions percentage of intrusions caused by this source s request compared to all other sources For example if 1 000 intrusion attempts occurred during the day and 500 intrusion attempts came through the activities of one source its of Intrusions field will display 50 7 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top sources To change these settings click Settings The Report Settings dialog box appears Figure 133 Viewing Reports 125 Figure 133 Report Settings Dialog Box A YiewPoint Settings Microsof EE SONICWALL Report Display Settings Sun Mon Tue wed i 2 B k Bb B ito fia hs he f7 j1 22 23 24 ze 29 s0 8 Select the number of sources that will be displayed from the Number of Sources list box 9 Select the type of chart from the Chart Type list box 10 Select the year month and day that you would like to view 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings wi
18. 77 Viewing the Top Blocked Site Users Over Time 78 Viewing the Top Blocked Sites for Each User Over Time 80 Viewing File Transfer Protocol Reports 82 Viewing the FTP Summary Report 82 Viewing the Top Users of FTP Bandwidth 83 Viewing FTP Bandwidth Usage Over Time 85 Viewing the Top Users of FTP Bandwidth Over Time 87 Viewing Mail Usage Reports 89 Viewing the Mail Usage Summary Report 89 Viewing the Top Users of Mail Bandwidth 91 Viewing Mail Usage Over Time 92 Viewing the Top Users of Mail Bandwidth Over Time 94 Viewing VPN Usage Reports 96 Viewing the VPN Usage Summary Report 96 Viewing the Top VPN Users 98 Viewing VPN Usage Over Time 99 Viewing the Top VPN Users Over Time 101 Viewing VPN Usage by Policy 102 Viewing the Top VPN Policies Over Time 104 Viewing Hourly VPN Usage by Policy 105 Viewing the VPN Services Summary Report 107 Viewing Attack Reports 109 Viewing the Attack Summary Report 109 Viewing the Attacks by Category 110 Viewing the Attacks by Source 112 Viewing the Errors and Exceptions Report 113 Viewing Attack Reports Over Time 115 Viewing the Attacks by Category Over Time 116 Sources Over Time 118 Viewing Errors Over Time 119 Viewing Intrusion Prevention Reports 122 Viewing the Intrusion Prevention Summary Report 122 Viewing the Intrusions by Destination 123 Viewing the Intrusions by Source 125 8 SonicWALL ViewPoint User s Guide Top Intrusions Top Intrusions by Priority Viewing Intrusions Over Time Viewing Intr
19. 971 100 0 SONICWALL i o SonicWALL ViewPoint 5 The pie chart displays the top users of FTP bandwidth To view the FTP sites visited by each user expand the user s site tree indicated by a sign 6 The table contains the following information e Users the IP address of the user e Events number of FTP Events e MBytes number of megabytes transferred e of MBytes percentage of megabytes transferred by this user compared to all users For example if 10000 megabytes of data was transferred during the period and 2000 megabytes was transferred by the top user the of MBytes field will display 20 7 To change the report settings click Settings The Reporting Date Range Selector dialog box appears Figure 87 Viewing Reports 87 Figure 87 Report Settings Dialog Box Z ViewPoint Date Range Selector a E 2004 2004 2004 2004 2004 2004 2004 2004 2004 2004 2004 2004 2004 2004 2004 2004 May9 2004 2004 Select Users comma separated Generate Report Close 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 To display a limited group of users enter the user IDs in the Select
20. 9x15003039 s v us sonicwall com svi0de01 sv us sonicwall com naveent sv us sonicwall com atomooka 7129 sv us sonicwall com 10 0 30 208 SONICWALL The table contains the following information Intrusions number of intrusions svi0bb00 sonicwall com SonicWALL ViewPoint The pie chart displays the percentage of intrusion attempts that occured from each destination Destination IP address or hostname of the destination of Intrusions percentage of intrusions from this destination compared to all other destinations For example if 5 000 intrusion attempts occurred during the day and 500 came from 108 12 11 2 its of Intrusions field will display 10 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top categories To change these settings click Settings The Report Settings dialog box appears Figure 131 Figure 131 Report Settings Dialog Box ViewPoint Settings SONICWALL Report Display Settings Microsof Hii Ea Mon Tue Wed Thu Fri Sat 2 fa j16 23 1 fa 15 22 29 3 10 17 124 4 jii lia l25 is 12 j19 26 l6 13 20 27 8 Select the number of categories that will be displayed 9 Select the type of chart from the Chart Type list box from the Number of Categories list box 10 Select the year month and day that you would like to view 124 SonicWALL ViewPoint
21. Host Auth incomplete IP SYSTEM CAPACITY Call Sales ULA Memory Flash write error SYSTEM ERROR Call Customer Support if message reoccurs Flash Write Flash erase error SYSTEM ERROR Call Customer Support if message reoccurs Flash Erase Flash checksum error SYSTEM ERROR Call Customer Support if message reoccurs Flash Checksum Critical Terminating Flash programming SYSTEM ERROR Call Customer Support for replacement Flash Halt 159 Critical Ravlin is completely disabled SYSTEM ERROR Call Customer Support for replacement Sys Disabled Critical Failed to disable Ravlin SYSTEM ERROR DISCONNECT UNIT Call Support Runaway System Signature Verification failure SYSTEM ERROR Call Customer Support to reset firmware Signature Out of NV Memory SYSTEM CAPACITY Call Customer Support Flash Capacity Invalid NV Type SYSTEM ERROR Call Customer Support if message reoccurs Flash Type No such NV handle SYSTEM ERROR Call Customer Support if message reoccurs Flash Handle ISAKMP Drop Request to send packet with length gt 1520 IKE ERROR Drop Request to send packet with length gt 1520 Peer ISAKMP Drop Request to send packet with length zero IKE ERROR Drop Request to send packet with length zero Peer Interface 0 stopped transmitting due to an abnormal interrupt
22. IPSec ESP 0 50 Name Filemaker 5003 6 17 File Transfer FTP 21 6 Port Gopher 70 6 T 7 Video Conference H323 1720 6 ees Web HTTP 80 61 Protocol Vv TCP 6 HTTPS 443 6 Key Exchange IKE 500 17 upp 17 MAPS 220 6 Creme 1 aaa Servi SONICWALL SonicWALL ViewPoint 4 To add a known service select it from the Known Services list box and click Add 5 To add a custom service enter a name in the Name field enter the service s port range and select the protocol that it uses from the Protocol list box Click Add 6 To delete a service select it and click Delete Configuring Email Archive Settings To configure Email Archive and web server settings follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Console tab 3 Expand the Reports tree and click Email Archive The Email Archive page appears Figure 28 Configuring ViewPoint 37 Figure 28 Email Archive Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Bak Q x a O Ta Search She Favortes Media 4 2 A E LJ amp B D Address a https 10 0 14 158 sgms auth j Go Links v Searchweb go PageRank Eh 847 blocked E Autoril Options I Console Panel e Email Archive user admin Logout Ready svi0fwO0 Reports Next Scheduled Email Archive Time tr mm dd yyyy hh min
23. Internal error extra proposals after AH and ESP Bad IPSEC protocol values CONFIG IPSEC Bad IPSEC protocol values CONFIG IKE proposal is not acceptable Peer ISAKMP Phase I proposal is not acceptable Peer CONFIG ESP AH proposal is not acceptable Peer ISAKMP Phase II proposal is not acceptable Peer IKE Security Association requested from Peer Received ISAKMP initialization request Peer IKE Session created Ready to negotiate Phase I complete IKE Initiate Security Association with Peer Start ISAKMP initialization Peer IKE Unable to negotiate security association with Peer ISAKMP failed Peer IPSEC IKE Complete Encrypting to Peer ISAKMP OAKLEY successful SA Active Peer IPSEC NAT Detected OmniTraversal invoked to Peer IPSEC traffic will be encapsulated in UDP Peer IKE Improper packet Aborting negotiation No SA exists Next payload is not S IKE Unable to decrypt packet Unable to decrypt payload Can t get conn entry I just created SYSTEM ERROR IKE negotiation out of sync will auto reset CONFIG Preshared keys between peers are different Invalid payload Possible overrun attack Main Mode processing failed SYSTEM ERROR IKE Processing failed Header verified invalid 166 SonicWALL ViewPoint User s Guide IKE Incoming packet fo
24. Microsof Ri Eg SONICWALL Report Display Settings Mon Tue Fri Sat 1 k 5 6 8 9 12 f3 15 16 17 19 z0 22 23 24 26 27 29 30 8 Select the number of sources that will be displayed from the Number of Sources list box 9 Select the type of chart from the Chart Type list box 10 Select the year month and day that you would like to view 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing the Errors and Exceptions Report The Errors and Exceptions Summary report contains information on the number of dropped packets on a SonicWALL appliance or group of SonicWALL appliances during the specified day To view the Errors and Exceptions report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the Attacks tree and click Errors amp Exceptions The Errors amp Exceptions page appears Figure 118 Viewing Reports 113 Figure 118 Errors amp Exceptions Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Ow O AAO lave perme Gun OESOL Address https 10 0 14 158 sgms auth v Psearchweb g PageRank Eh 847 blocked E Au Ee D 3 svidfwoo Errors amp Excepti
25. Page A SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A QD Osh she ravortes Aui O e Lia lard Address https 10 0 14 158 sqms auth v Bsearchweb g Pageank Fh 847 blocked E autor fal Options A svidfwo0 By Source user admin 5 D E gateway sonicwall com m MyGateway MyTzw Summary of Attacks by Source for June 27 2004 Beano ogee oon 4168 11 31 211 13 231 126 available a Destination 67 115 118 5 3 210 150 45 253 a rlinford 6628 sv us sonicwall com SONICWALL SonicWALL ViewPoint a Internet The pie chart displays the percentage of each source of attack To view source and destination information on the individual attacks expand the source tree indicated by a sign The table contains the following information e Source the source of the attack e Attacks number of attacks e of Attacks percentage of attacks from this source compared to all other sources For example if 1 000 attacks occurred during the day and 500 attacks came from one source its of Attacks field will display 50 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top sources To change these settings click Settings The Report Settings dialog box appears Figure 117 112 SonicWALL ViewPoint User s Guide Figure 117 Report Settings Dialog Box ze ViewPoint Settings
26. Peer Hostname DHCP IP SYSTEM CAPACITY Failed DHCP save to NV Peer Hostname DHCP IP Failed to save DHCP address in NVM Peer DHCP DHCP IP address received is DHCP successful current IP address is DHCP NACK received DHCP NACK received DHCP Normal Renewing DHCP Renewing DHCP Normal Rebinding DHCP Rebinding DHCP Normal Lease Expires DHCP Lease Expires Restarting DHCP SYSTEM ERROR Restarting DHCP Stop DHCP SYSTEM ERROR Stop DHCP DHCP Housekeeping Move to new index Peer DHCP Old New Moving DHCP Address to new index Peer DHCP Old New DHCP Error Invalid DHCP Address Peer DHCP Address Invalid DHCP Address Peer DHCP Address DHCP Normal Insert Hash table entry Index DHCP Addr Insert Hash table entry Index DHCP Addr DHCP Revd request to release DHCP Address Peer DHCP Addr Revd request to release DHCP Address Peer DHCP Addr DHCP Normal Lease expired for DHCP Address Peer DHCP Addr Lease expired for DHCP Address Peer DHCP Addr DHCP Normal Received DHCP records Peer DHCP IP Received DHCP records Peer DHCP IP DHCP Normal Record already exists Peer DHCP IP DHCP record already exists Peer DHCP IP Delete DHCP record on passive Ravlin Peer DHCP IP DHCP Releasing remote DHCP record due to
27. Settings Select Report Date Wed Thu 7 Select the number of items that will be displayed from the Number of Items list box 8 Select the number of entries per item from the Entries per Item list box 9 Select the beginning and ending hour that will be displayed in the report 10 Select the year month and day that you would like to view 106 SonicWALL ViewPoint User s Guide 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing the VPN Services Summary Report The Services Summary report displays the amount of traffic handled by each service during each hour of the speci fied day To view the Services Summary report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the VPN Usage tree and click By Service The By Service page appears Figure 110 Figure 110 By Service Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q sak Q x E JO search She Favorites Media B amp i B D Address https 10 0 14 158 sqms auth v BPsearch web ge PageRank Eh 847 blocked E auton E Fa options sviofw00 By Service user n Logout 5 D J gt Summary of Services Over VPN
28. SonicWALL appliance Figure 152 Search Page i SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help a P i gt A nm Q h ABQ Psn Fers Que O A CSIOLE ess https 10 0 14 158 sgms auth Eao Links Search web go PageRank h 847 blocked E A O Faoptions mi MyReports View sviofw00 Search user admir Logout pmm gateway sonicwall com mm MyGateway MyTzw svl0fwOO Select Search Criteria 6128 2004 w E 612812004 w a BOHeEneae a B oona L G SonicWALL ViewPoint Internet 5 Select the date to view from the Date list box 6 Enter the starting time of events to view in the Start Time field 7 8 9 Enter the ending time of events to view in the End Time field Select the type of events to view from the Message Category list box Enter the source IP address to view in the Source IP Address field To view all IP addresses enter All 10 Enter the destination IP address to view in the Destination IP Address field To view all IP addresses enter All 11 Select the number of entries to display per page from the Results Per Page field 12 Click Generate Report The Log Viewer Results page appears Figure 153 Viewing Reports 141 Figure 153 Log Viewer Results Page F SonicWALL GMS Microsoft Internet Explorer DER Fie Edt View Favorites Tools Help a Ow O AG Lawn pornos Sun O 2 SB0LE Address http 10 0 14 5 6081
29. SonicWALL appliance s These include denial of service attacks intrusions probes and all other malicious activity directed at the SonicWALL appliance or computers on the LAN or DMZ Note All reports appear in the Firewall s time zone Select from the following To view a summary of the attacks see Viewing the Attack Summary Report on page 109 To view the attacks by attack category see Viewing the Attacks by Category on page 110 To view the attacks by source IP address see Viewing the Attacks by Source on page 112 To view a summary of the errors and exceptions see Viewing the Errors and Exceptions Report on page 113 To view attacks over a period of time see Viewing Attack Reports Over Time on page 115 To view errors and exceptions over a period of time see Viewing Errors Over Time on page 119 Viewing the Attack Summary Report The Attack Summary report contains information on the number of attacks attempted on a SonicWALL appliance or group of SonicWALL appliances during the specified day To view the Attack Summary report follow these steps 1 2 3 4 5 Start and log into SonicWALL ViewPoint Click the Reports tab Select the global icon a group or a SonicWALL appliance Expand the Attacks tree and click Summary The Summary page appears Figure 112 Figure 112 Summary Page 4A SonicWALL ViewPoint Microsoft Internet Explorer Eek File Edit View Favorites T
30. Total Baoaeo G Report produced for timezone Pacific Time US amp Canada SONICWALL i SonicWALL ViewPoint Elone internet 5 The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time re 6 The table contains the following information e Site URL or IP address of the site Hits number of hits e KBytes number of kilobytes transferred e of KBytes percentage of kilobytes transferred between this site compared to all other HTTP traffic For example if 1 000 000 kilobytes of data was transferred during the day and 500 000 kilobytes was trans ferred between the appliance and Ebay the of KBytes field will display 50 and you have a problem 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 59 64 SonicWALL ViewPoint User s Guide Figure 59 Report Settings Dialog Box ViewPoint Date Range Selector X SONICWALL May 11 2004 May 10 2004 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range
31. User s Guide 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing the Intrusions by Source The Intrusions by Source report displays the IP addresses of the sources which originated the request that caused an intrusion attempt For example if the system at IP address 192 168 1 102 issued a request to the system at 102 1 22 3 and 102 1 22 3 made an intrusion attempt 192 168 1 102 would be listed as the source in the By Source report To view the Intrusions by Source report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Intrusion Prevention tree and click By Source The By Source page appears Figure 132 Figure 132 By Source Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa O x A GD Preach se ravortes Aua O e SUDA Address https 10 0 14 158 sgms auth v Psearchweb g PaseRank Eh 847 blocked E autori EJ Ea Options svidfwoo By Source us admin 5 D J gt 4 MyReportsView gateway sonicwall corm MyGateway MyTzw svl0fwOO Intrusions by Source for June 27 2004 i es i I 1 HBROoen ease of Intrusions smadison 6874 sv us sonicwall com 67
32. Users field and separate each entry with a comma Note This field does not use pattern matching For example john will not match john_smith john42 or big_john 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session 88 SonicWALL ViewPoint User s Guide Viewing Mail Usage Reports Mail usage reports provide information on the amount of mail usage that occurs through the selected SonicWALL appliance s Mail usage reports can be used to view mail bandwidth usage by the hour day or over a period of days Addition ally you can view the top users of mail bandwidth Note Mail usage reports include SMTP POP3 and IMAP traffic General bandwidth reports do not always provide a complete picture of network bandwidth usage If a large amount of mail traffic occurs during peak times you might want to take some of the following actions e Add bandwidth e Upgrade network equipment e Ask employees to use compression or transfer large files during non peak times e Ask employees to place large files on an FTP site rather than sending them as mail attachments Note All reports appear in the Firewall s time zone Select from the following e To view a summary of the daily mail usage see Viewing the Mail Usage Summary Report on page 89 e To view the users who consume t
33. a folder to store custom report templates The folder name cannot contain spaces and must be located in the appropriate directory For example to use the folder name MyCustomReports you must create the folder with the following directory structure lt gms_directory gt Tomcat webapps sgms reports scheduledreports MyCustomReports 2 Copy all of the files in the following directory into the newly created folder lt gms_directory gt Tomcat webapps sgms reports scheduledreports 3 The default logo used in the reports is the SonicWALL logo If you wish to use a different logo copy it into the following directory lt gms_directory gt Tomcat webapps sgms images 4 Using Table 2 as a guideline edit one or more of the JSP files in each subdirectory Figure 157 shows some report elements as they are displayed Figure 157 Report Elements K Disearch ajFavortes i 3 C Documents and Settnigs maj Local Settings Temporary Intemet Fies OLK2B Bandwdth_Over_Tme_weskly_004010136907_START11 24 2002 mheml SonicWALL ViewPoint Scheduled Report for Sonic WALL appliance at IP address 172 16 123 09 Repot producad tii tirazaaa Paith Time US amp Banati OMT E00 A eee SEER ET Pe 155 156 5 Restart the SGMS Web server service 6 Update the database Each scheduled report is stored with a unique ID in the VP_ EMAIL RECEIVERS table in the SGMS database and each scheduled report contains an additional field
34. a specified group of users enter the username of each user separated by commas in the User List field Because this field uses pattern matching entries such as john will display data for johnm 123john and so on 14 To configure the default start and end times for hourly reports select a start and end time from the Start and End list boxes 15 To specify a list of web sites that will be excluded from the reports enter a string that specifies a URL or por tion of a URL to exclude from the reports For example www yahoo com ebay com netscape Click Add Any web site that contains a portion of the string that you specified will be excluded from the report Repeat this step for each web site to exclude 30 SonicWALL ViewPoint User s Guide Configuring Management Settings This section describes how to configure management settings Configuring General ViewPoint Settings To modify the SonicWALL ViewPoint settings follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Console Panel tab at the bottom of the SonicWALL ViewPoint UI 3 Expand the Management tree and click ViewPoint Settings The ViewPoint Settings page appears Figure 21 Figure 21 ViewPoint Settings Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help GQ ex Q x 2 CA Bs Search She Favorites Media Kz 2 A E m a B M Address https 10 0 14 158 sqmsfauth v
35. and anticipate future bandwidth needs SonicWALL ViewPoint generates both real time and historical reports to offer a complete view of all activity through one or more SonicWALL appliances It generates the reports based on the stream of syslog data received from each SonicWALL appliance and summarizes this data allowing you to view the reports for current date a pre vious day or for a range of days SonicWALL ViewPoint e Displays bandwidth use by IP address and service e Identifies inappropriate Internet use e Provides detailed reports of attacks e Collects and aggregates system and network errors e Shows Virtual Private Network VPN events and problems e Presents visitor traffic to your website e Provides detailed daily firewall logs to analyze specific events SonicWALL ViewPoint offers the following features e Web based browser reporting application SonicWALL ViewPoint can be accessed from a local or remote system using a web browser e Single firewall real time and historical reports SonicWALL ViewPoint offers reports for single Son icWALL appliances e Aggregated real time and historical reports SonicWALL ViewPoint offers aggregated reports for multiple SonicWALL appliances e Summarized Reports SonicWALL ViewPoint summarizes its data allowing the user to view reports for the current date a previous day or a range of days e Support for multiple firewalls SonicWALL ViewPoint can generate reports for o
36. and other information When prompted to confirm the information type yes and press Enter 5 Enter key password for lt spcert gt If the password is the same as the keystore password press Enter The certificate is issued for evaluation and testing purposes To create a secure website using this certificate see Creating a Secure Website on page 42 To use HTTPS with a valid certificate you will need to obtain a certif icate through a valid certificate authority e g Verisign and Thawte and store the certificate in the keystore that you just created Note For information on getting a certificate from Thawte visit http www orionserver com docs ssl howto html Creating a Secure Website This section describes how to create a secure website with server side authentication To do this follow these steps 1 2 Open the lt sgms_directory gt jre lib security java security file with a text editor Locate the following entry provider 2 Replace it with the following provider 3 Insert the following line above the line that you just edited security provider 2 com sun net ssl internal ssl Provider Save the file and exit Open the lt sgms_directory gt Tomcat conf server xml file with a text editor Locate the following entry SonicWALL ViewPoint User s Guide lt lt Connector className org apache tomcat service PoolTcpConnector gt lt Parameter name handler value org apache tomcat service http HttpC
37. blocked web sites that each user attempted to access during the specified time period To view the By User Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Filter tree and click By User Over Time The By User Over Time page appears Figure 78 Figure 78 By Users Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer DER Fie Edit View Favorites Tools Help O x aA JO search She Favortes medio 2 ea 8eaWe amp M Address a https 10 0 14 158 sgms auth P Search web go PeseRank Gh 847 blocked f autoni E Pa Options A gateway sonicwall com By Users Over Time user admini Logout g Top Filtered Sites by User from June 22 2004 to June 27 2004 settings J Displaying records 1 1 of 1 noo Attempts svi0dc00 sv us sonicwall com 3953 Attempts Category Adutt Mature Content Cult Occult Custom svl0fw02 sv us sonic 3953 List Drugsdllegal Drugs Intimate Apparel Syimsuit Nudism Pornography Violence HateRacism Weapons Report produced for timezone Pacific Time US amp Canada Ba oenae o B SONICWALL i SonicWALL ViewPoint 5 The table contains the following information e User the IP address of the user e Site the top five sites visited by the user e Attempts number of attempts the user made to access each web site 6 To change the date range of the report clic
38. by service e Web Usage Summary amount of HTTP bandwidth handled by the SonicWALL appliance during each hour of the day e Web Usage Top Sites displays the web sites that used the most HTTP bandwidth e Web Usage Top Users displays the users who used the most HTTP bandwidth e Web Usage Sites By User By Site displays a list of all users their top sites the number of hits to each site and the amount of data transferred e Web Filter Summary displays the number of times users attempt to access blocked sites during each hour e Web Filter Top Sites displays the top blocked web sites that users attempted to access e Web Filter Top Users displays the users who made the most attempts to access blocked sites e Web Filter Sites By User By Site displays a list of all users their top sites and the number of attempts that were made to access each site e FTP Usage Summary amount of FTP bandwidth handled by the SonicWALL appliance e FTP Usage Top Users displays the users who used the most FTP bandwidth e Mail Usage Summary amount of mail handled by the SonicWALL appliance e Mail Usage Top Users displays the users who sent and received the most mail e Attacks Summary number of attack attempted on the SonicWALL appliance e Attacks By Category displays the attacks that occurred sorted by category e Attacks By Source displays the top sources of attacks e Attacks Errors and Exceptions number of errors an
39. by user e MBytes number of megabytes transferred by user 6 SonicWALL ViewPoint shows today s report and all web sites To change the date of the report or web sites dis played click Settings The Report Settings dialog box appears Viewing Reports 61 Figure 55 Report Settings Dialog Box F Report Settings Micro x SONICWALL Select Report Date Select Site comma separated Generate Report Close 7 Select the number of sites that will be displayed from the Number of Sites list box 8 Select the number of users that will be displayed per site from the Number of Users per Site list box 9 To only display a limited set of web sites enter the URLs in the Select Site field and separate each entry witha comma Note This field does not use pattern matching For example www yahoo com will not match yahoo com mail yahoo com or shopping yahoo com 10 When you are finished click Close SonicWALL ViewPoint adjusts the report for the selected day and settings Note These settings will stay in effect for all similar reports during your active login session Viewing Web Usage Over Time The Web Usage Over Time report displays the daily amount of HTTP bandwidth handled by a SonicWALL appli ance or group of SonicWALL appliances for the specified time period To view the Web Usage Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Sele
40. change report settings click Settings The Report Settings dialog box appears Figure 151 Viewing Reports 139 Figure 151 Report Settings Dialog Box a Report Settings Micro E SONICWALL Report Display Settings C Select Report Date Mon Tue J Wed Thu Fri Sat 1 Tu K dho u hz hs 24 25 31 7 Select the type of chart to display from the View Settings area 8 Select the year month and day that you would like to view 9 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day 140 SonicWALL ViewPoint User s Guide Viewing the Log The Log Viewer contains detailed information on each transaction that occurred on the SonicWALL appliance This information is stored for the time that you specified in the configuration settings Note The Log Viewer displays raw log information for every connection Depending on the amount of traffic this can quickly consume a large amount of space in the database It is highly recommended to be careful when choos ing the number of days of information that will be stored For more information see Configuring Reporting Set tings on page 35 Viewing the Log for a SonicWALL Appliance To view the Log follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 4 Expand the Log Viewer tree and click Search The Search page appears Figure 152 Select a
41. e of Intrusions percentage of intrusions from this destination compared to all other destinations For example if 5 000 intrusion attempts occurred during this period and 500 came from 108 12 11 2 its of Intrusions field will display 10 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 123 Viewing Reports 131 Figure 141 Report Settings Dialog Box A ViewPoint Date Range Selector E 3 SONICWALL May 11 2004 May 5 2004 __ May 4 2004 May 3 2004 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Sources Over Time The Source Over Time report displays the IP addresses of the sources which originated the request that caused an intrusion attempt For example if the system at IP address 192 168 1 102 issued a request to the system at 102 1 22 3 and 102 1 22 3 made an intrusion attempt 192 168 1 102 would be listed as the source in the Source Over Time report To view
42. entire liability under any provision of this SLA shall be limited to the amount actually paid by you for the SOFTWARE PRODUCT provided however if you have entered into a SonicWALL support services agreement SonicWALL s entire liability regarding support services shall be governed by the terms of that agreement Because some states and jurisdiction do not allow the exclusion or limitation of liability the above limitation may not apply to you Manufacturer is SonicWALL Inc with headquarters located at 1143 Borregas Avenue Sunnyvale CA 94089 USA Chapter 1 Introducing SonicWALL ViewPoint Chapter 2 Installing SonicWALL ViewPoint CONTENTS 11 13 Installation Overview Installation Logging in and out of SonicWALL ViewPoint Registering SonicWALL ViewPoint Creating a mysonicwall com Account Registering the SonicWALL Appliance Activating the ViewPoint Software 14 15 17 18 18 18 18 Enabling the ViewPoint License on the SonicWALL Appliance19 Chapter 3 Configuring ViewPoint 21 Configuring a SonicWALL Appliance for SonicWALL ViewPoint 22 Configuring Access to a SonicWALL Appliance Adding a SonicWALL Appliance to SonicWALL ViewPoint Deleting SonicWALL Appliances from SonicWALL ViewPoint Modifying Settings for a SonicWALL Appliance Configuring User Settings Changing ViewPoint Login Password Configuring Presentation Options Configuring Management Settings Configuring General ViewPoint Settings Configuring A
43. entry with a comma Note This field does not use pattern matching For example john will not match john_smith john42 or big john 12 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing Bandwidth Usage Over Time The Bandwidth Over Time report displays the daily amount of traffic handled by a SonicWALL appliance or a group of SonicWALL appliances for the specified time period To view the Bandwidth Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the Bandwidth tree and click Over Time The Over Time page appears Figure 38 46 SonicWALL ViewPoint User s Guide Figure 38 Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q e A E Psn Jeroe Qua O 2 SaO SA Address https 4 10 0 14 156 sgms auth search web g PageRank Eh 847 blocked E autoni E Fa Options gateway sonicwall com Over Time user Bandwidth Usage from June 22 2004 to June 27 2004 oogoggon E 17049 481 7678 169 2709 123 3767 721 1473 007 1 SONICWALL SonicWALL ViewPoint l Done Internet 5 The bar graph displays the amount of bandwidth transferred during eac
44. for SonicWALL ViewPoint The following instructions describe how to configure a SonicWALL appliance to send data to SonicWALL View Point 1 Log into the SonicWALL appliance 2 Ts Expand the Log tree and click Log Settings The Log Settings page appears Figure 8 Figure 8 Log Settings Page SonicWALL Administration Microsoft Internet Explorer File Edit View Favorites Tools Help Qa O x A Gb Asah Je Favorites Pueia 2 62 Address http 10 50 164 65 management html Sending the Log Mail Server Name or IP Address Send log to E Mail Address Send alerts to _ amp Mail Address Firewall Name 0040100F88D1 Name Email LogNow ClearLogNow Anti Virus High Availability Delete Syslog Server Logout STATUS Ready Enter the IP address and port default 514 of the SonicWALL ViewPoint server in the Add Syslog Server fields Enter 0 in the Syslog Individual Event Rate field The Syslog Individual Event Rate field reduces the number of repetitive events that are logged by SonicWALL ViewPoint Although this prevents a log file from being full of repetitive events setting the Syslog Individual Event Rate field to anything other than 0 will result in inaccurate ViewPoint reports Select Default from the Syslog Format list box To ensure accurate and complete reporting make sure that every event category in the Categories area is selected except for Network Debug When you a
45. icon a group or a SonicWALL appliance Expand the Web Usage tree and click Summary The Summary page appears Figure 46 54 SonicWALL ViewPoint User s Guide Figure 46 Summary Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD Pear rons Que O 2 CaWIOLE Address https 4 10 0 14 156 sgms auth mm MyTzw bm svIOf WOO SONICWALL Search web g Boo oo Baoeaag G gateway sonicwall com Summary user Web Usage Summary for June 27 2004 PageRank Fh 847 blocked E autor O Siri a dmin S YA 4 SonicWALL ViewPoint 5 The bar graph displays the amount of HTTP bandwidth transferred during each hour of the day 6 The table contains the following information e Hour when the sample was taken e Events number of events or hits e MBytes number of megabytes transferred e of MBytes percentage of megabytes transferred during this hour compared to the day For example if 1000 megabytes of HTTP data was transferred during the day and 100 megabytes was transferred at the 12 00 time period the of MBytes field will display 10 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 47 Figure 47 Report Settings Dialog Box a Report Settings SONICWALL Report Display Settings Select Report Da
46. ls 9 wo ha n2 f3 fis fe 17 ha 19 fzo a2 23 24 25 26 27 ze 29 30 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Viewing Blocked Site Attempts Over Time Note These settings will stay in effect for all similar reports during your active login session The Web Filter Over Time report displays the number of attempts that were made to access blocked web sites for the specified time period To view the Web Filter Over Time report follow these steps Start and log into SonicWALL ViewPoint 1 2 3 4 Click the Reports tab Select the global icon a group or a SonicWALL appliance Expand the Web Filter tree and click Over Time The Over Time page appears Figure 72 Viewing Reports 75 Figure 72 Over Time Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A GD Osh she ravortes Aui O e GUDA Address https 4 10 0 14 156 sgms auth gateway sonicwall com Over Time user min Web Filter Activity from June 22 2004 to June 27 2004 ono Attempts 6 of Attempts DEOR o a o SONICWALL i SonicWALL ViewPoint 5 The bar graph displays the number of attempts that were made to access blocked web sites during each day of the specified time period 6 The table contains the following information e Date day when the sample was taken e Attempts n
47. page appears Figure 74 Select a SonicWALL appliance Figure 74 Top Sites Over Time Page File Edit View Favorites Tools Help Q sex Q x a A JO search Sie Favortes meaa O B A E mm B amp Address https 10 0 14 158 sams auth y Eco tinks Google v BPsearchweb ge PageRank Ch 847 blocked E O Palontins B MyReportsView R ga so o op Q F m gateway sonicwall com pmm MyTzw 00 e 00 settings im sviofw00 2 a 4 10 50 193 50 2917 Custom List 100 0 0 4 te O A a Po Done Internet The graph displays the number of access attempts for each of the top blocked web sites during the specified time period The table contains the following information e Site URL or IP address of the site e Attempts number of attempts e of Attempts percentage of attempts to access the blocked site compared to all other blocked site attempts For example if 500 attempts were made during the period and 100 of those attempts were for www badsite com its of Attempts field will display 20 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 75 Viewing Reports 77 Figure 75 Report Settings Dialog Box A ViewPoint Date Range Selector E R SONICWALL May 11 2004 May 5 2004 __ May 4 2004 May 3 2004 8 Select whether to display a chart and table or a table only 9 Selec
48. report follow these steps l Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 4 Expand the VPN Usage tree and click Top Users The Top Users page appears Figure 98 Select a SonicWALL appliance Figure 98 Top Users Page i SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O bX AQ Pear ros Que O A SBA Address https 10 0 14 158 sgms auth ooon oon E svi0dc00 sv us sonicwall com 10 50 6 10 Syprint1 sv us sonicwall com deadelvis Naveent sv us sonicwall com dwickman 7131 sv us sonicwall com atomooka a o SONICWALL 5 The pie chart displays the VPN connections for the top VPN users The table contains the following information e Users the IP address of the user e Connections number of VPN connections e of Connections percentage of VPN connections made by this user compared to all other users For example if 10 000 connections occurred during the day and 1 000 connections were made by one user the of Connections field will display 10 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top users To change these set tings click Settings The Report Settings dialog box appears Figure 99 98 SonicWALL ViewPoint User s Guide 8 Select the number of users that will be displayed from the Number of Users list box 9 Select the type of chart from the Cha
49. service Service reports are useful for revealing inappropriate usage of bandwidth and can help determine network policies For example if there is a large spike of bandwidth usage you can determine whether this is caused by regular web access someone using FTP to transfer large files an attempted Denial of Service DoS attack or another service Note All reports appear in the Firewall s time zone SonicWALL ViewPoint can monitor known services as well as custom services To add a service to monitor see Adding a Service on page 52 Select from the following e To view service bandwidth usage in real time see Monitoring Service Usage in Real Time on page 50 e To view a summary of the daily service bandwidth usage see Viewing the Services Summary Report on page 51 Note You cannot view services reports from the global or group view Monitoring Service Usage in Real Time The Services Monitor displays service usage for the selected SonicWALL appliance in real time To view the Service Monitor follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Services tree and click Monitor The Monitor page appears Figure 42 Figure 42 Monitor Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q x A CD seach ferate Ami H E awe B D Google O Options MyReportsView
50. the SonicWALL appliance using HTTPS or HTTP over the VPN tunnel Configuring ViewPoint 25 Adding a SonicWALL Appliance to SonicWALL ViewPoint This section describes how to add a SonicWALL appliance to SonicWALL ViewPoint To add a SonicWALL appli ance follow these steps 1 Start and log into SonicWALL ViewPoint The Status page appears Figure 14 Figure 14 Status Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help GQ ex Q x a EA JO search She Favorites Media O B eB El m a B amp Address https 10 0 14 158 samsfauth O Options gateway sonicwall com Status user Logout Refresh ify Unit Unit Nos Delete ii lo SonicWALL PRO 2040 000681110780 Java Applet Window it i icOS Standard 2 2 0 0 B Pacific Time US amp Canada Not Licensed ao Syslog Servers IP Address Port 10 50 0164 60002 10 0 14 158 514 q oon eo Getting Started With ViewPoint op SonicWALL ViewPoint 2 Right click in the left pane of the SonicWALL ViewPoint UI and select Add Unit from the pop up menu The Add Unit dialog box appears Figure 15 Figure 15 Add Unit Dialog Box Add Unit SonicWALL Name SonicWALL Login Name SonicWALL Password SonicWALL IP SonicWALL HTTP Port Serial Number Enable HTTPS Management 3 Enter a descriptive name for your SonicWALL appliance in the SonicWALL Name fiel
51. the Password field 16 To only display data for a specified group of web sites or users enter the URL of each site and username of each user separated by commas in the User Server Filter field Because this field uses pattern matching entries such as yahoo com will display data for mail yahoo com and shopping yahoo com Entries such as john will display data for johnm 123john and so on 17 Select the daily reports that will be included in the e mail message e User Login shows users that logged on to the SonicWALL appliance to bypass content filtering or to remotely access local network resources e Admin Login shows successful administrator logins for the SonicWALL appliance e Failed Login shows failed login attempts for users and administrators that attempted to log on through the SonicWALL appliance e Status Summary status of the SonicWALL appliance during each hour e Bandwidth Summary amount of traffic handled by the SonicWALL appliance during each hour e Bandwidth Top Users displays the users who used the most bandwidth e Service Summary amount of traffic handled by each service during each hour e VPN Summary amount of VPN traffic handled by the SonicWALL appliance during each hour e VPN Top Users displays the users who used the most VPN bandwidth e VPN By Policy displays VPN usage by policy e VPN By Policy hourly displays hourly VPN usage by policy e VPN By Service displays VPN usage
52. the Source Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Intrusion Prevention tree and click Sources Over Time The Sources Over Time page appears Figure 142 132 SonicWALL ViewPoint User s Guide Figure 142 Sources Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD Pear rons Que O O CaWIOLE Address https 4 10 0 14 156 sgms auth GS Search web go PageRank Eh e47 blocked E auior Fa options i MyReportsView all sviofw00 Sources Over Time user m gateway sonicwall com Intrusions by Source from June 22 2004 to June 27 2004 BOER eases smadison 6874 sv us sonicwall com intrusions of Intrusions ptveit 7124 sv us sonicwall com 36495 67 115 118 209 sonicwall com 30902 192 168 32 102 30015 10 0 30 57 13048 7 2 nbc com 7262 4 0 cbs com 3520 1 9 vnsc bak sys gtei net SONICWALL 5 The pie chart displays the percentage of each source 6 The table contains the following information e Source the source that made the request e Intrusions number of intrusions 3021 17 SonicWALL ViewPoint e of Intrusions percentage of intrusions caused by this source s request compared to all other sources For example if 1 000 intrusion attempts occurre
53. the user logged into SonicWALL ViewPoint as the Sender e mail address To change it enter a new Sender e mail address in the Source Email Address field 7 Enter the Subject Line that will appear in reports sent from SonicWALL ViewPoint in the Email Subject field 8 Enter text that will appear in the message body in the Email Body field 9 To copy the contents of the report into the body of the email message select the Send Reports Inline check box To send the file as an email attachment make sure this check box is deselected Note Reports can only be sent inline when all data is sent in a single report 10 To archive the file on the server s hard disk select the Archive check box and enter a path in the Save Direc tory field Specify the directory where the file will be archive in the Save Directory field 11 Optional To specify a specific date enter the date in the Report Date field 12 If you are using custom reports specify the folder location of the template files in the Template Folder Name field For more information see Appendix B Customized Reports 13 To compress the reports into a single file select the Zip Reports into a single file check box 14 To include all of the data in a single report select the Include all data in a single report check box 144 SonicWALL ViewPoint User s Guide 15 To password protect the Zip file select the Password Protect the Zip File check box and enter the password in
54. today s report a pie chart and the ten top users To change these set tings click Settings The Report Settings dialog box appears Figure 83 84 SonicWALL ViewPoint User s Guide Figure 83 Report Settings Dialog Box a Report Settings Micro E x SONICWALL Report Display Settings 3 4 5 6 8 10 12 13 15 a7 18 19 20 24 26 27 29 a Select Users comma separated Generate Report Close 8 Select the number of users that will be displayed from the Number of Users list box 9 Select the type of chart from the Chart Type list box 10 Select the year month and day that you would like to view 11 To display a limited group of users enter the user IDs in the Select Users field and separate each entry with a comma Note This field does not use pattern matching For example john will not match john_smith john42 or big_john 12 When you are finished click Close SonicWALL ViewPoint refreshes the report based on the selected settings Note These settings will stay in effect for all similar reports during your active login session Viewing FTP Bandwidth Usage Over Time The FTP Usage Over Time report displays the daily amount of FTP bandwidth handled by a SonicWALL appliance or group of SonicWALL appliances for the specified time period To view the FTP Usage Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the gl
55. using Tiny Encryption tech nology Specifies the database owner This is encrypted using Tiny Encryption technol ogy Specifies the data source Specifies the database password This is encrypted using Tiny Encryption tech nology Number of database connections default 20 Specifies the database driver Specifies the URL of the database Internal use only Internal use only Internal use only Specifies another host that will receive syslog messages Specifies the port of the host that will receive syslog messages The SonicWALL ViewPoint Log Files SonicWALL ViewPoint provides a number of log files that can be used for troubleshooting These files are located in the SonicWALL ViewPoint Logs directory and include msde log MSDE database log phase2install log Phase 2 Installation log SonicWALL ViewPoint User s Guide viewpointWebServerLog txt Web Server log tomcaterr log Tomcat log tomcatout log Tomcat log vpSummarizerDbg txt Summarizer log in debug mode vpSummarizerLog txt Summarizer log in non debug mode The following log files are also available e lt viewpoint_directory gt SonicWALL_ViewPoint_2 0_installLog log Phase 1 Installation log e C ViewPoint20_uninstall log Uninstall log Encrypting the sgmsConfig xml File To encrypt text for use in the sgmsConfig xml and web xml files do the following 1 Navigate to the lt viewpoint_directory gt bin folder 2
56. view 9 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day 138 SonicWALL ViewPoint User s Guide Viewing the Failed Login Report The failed login reports shows failed login attempts for users and administrators that attempted to log on to the SonicWALL appliance during the specified day This report is useful for identifying unauthorized access attempts and potentially malicious activity To view the Failed Login report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Authentication tree and click Failed Login The Failed Login page appears Figure 150 Figure 150 Failed Login Page F SonicWALL ViewPoint Microsoft Internet Explorer DER Fie Edit View Favorites Tools Help Q h BOD Psn Fers Au O A GBO SA https 10 0 14 158 sgms auth QP Search web ge PaseRank Gh 847 blocked E autoni Pa Options eports svidfw00 Failed Login Logout JE Failed Logins for for June 27 2004 settings cap G No Data Available ao Report produced for timezone Pacific Time US amp Canada ooonon SONICWALL a SonicWALL ViewPoint Done Internet 5 The table contains the following information e User the user name Time time the user logged in e IP Address IP address of the user 6 SonicWALL ViewPoint shows today s report To
57. 1 Report Settings Dialog Box a Report Settings Micro E x SONICWALL Report Display Settings Select Report Date f June v 2004 v Sun Mon Tue Wed Thu Fri Sat 1 2 3 4 5 6 7 8 9 10 m 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Select Users comma separated Generate Report Close 8 Select the number of users that will be displayed from the Number of Users list box 9 Select the type of chart from the Chart Type list box 10 Select the year month and day that you would like to view 11 To display a limited group of users enter the user IDs in the Select Users field and separate each entry with a comma Note This field does not use pattern matching For example john will not match john_smith john42 or big john 12 When you are finished click Close SonicWALL ViewPoint refreshes the report based on the selected settings Note These settings will stay in effect for all similar reports during your active login session Viewing Web Usage by User The By User report displays a list of all users their top sites the number of hits to each site and the amount of data transferred To view the By User report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Usage tree and click By User The By User page appears Figure 52 Viewing Reports 59 Figure 52 By User Page F S
58. 3 Select the global icon a group or a SonicWALL appliance 4 Expand the Attacks tree and click Attacks Over Time The Attacks Over Time page appears Figure 120 Figure 120 Attacks Over Time Page Zi SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD Psn grons Que O A SBD Address https 10 0 14 158 sgms auth svidfwoo Attacks Over Time user admin Attempted Attacks from June 22 2004 to June 27 2004 ooononon o 100 0 SonicWALL ViewPoint Versio 5 The bar graph displays the number of attacks attempted each day of the specified time period 6 The table contains the following information e Date when the sample was taken e Attacks number of attacks e of Attacks percentage of attacks on this day compared to the time period For example if 10 000 attacks occurred during the time period and 1 000 attacks occurred on Thursday its of Attacks field will display 10 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 121 Viewing Reports 115 Figure 121 Report Settings Dialog Box A ViewPoint Date Range Selector E 3 SONICWALL May 11 2004 May 5 2004 __ May 4 2004 May 3 2004 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summar
59. 4 00 05 00 06 00 07 00 08 00 SONICWALL cs re SonicWALL ViewPoint a Internet 5 The bar graph displays the amount of FTP bandwidth transferred during each hour of the day 82 SonicWALL ViewPoint User s Guide 6 The table contains the following information e Hour when the sample was taken Events number of FTP events e MBytes number of megabytes transferred of MBytes percentage of megabytes transferred during this hour compared to the day For example if 1000 megabytes of FTP data was transferred during the day and 100 megabytes was transferred at the 12 00 time period the of MBytes field will display 10 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 81 Figure 81 Report Settings Dialog Box a Report Settings Micro E SONICWALL Report Display Settings o Select Report Date v 2004 v Sun Mon Tue Wed Thu Fri 2 3 4 5 6 7 9 ho 11 12 13 14 18 19 20 21 25 26 27 28 8 Select the type of chart to display from the View Settings area 9 Select the year month and day that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Viewing the Top Users of FTP Bandwidth The Top Users report displays the users who used the most FTP bandwidth on the specified date To view the To
60. ALL ViewPoint 5 The bar graph displays the amount of time the SonicWALL appliance s were online and functional during each hour of the day 6 The table contains the following information Hour when the sample was taken e Up Time number of minutes during the hour that the SonicWALL appliance was Up 7 SonicWALL ViewPoint shows today s report To change the date of the report and other settings click Set tings The Report Settings dialog box appears Figure 34 Figure 30 Report Settings Dialog Box A Report Settings Micro T 5 SONICWALL Report Display Settings Select Report Date Thu Fri 4 11 18 8 Select the type of chart to display from the View Settings area 9 Select the year month and day that you would like to view from the Select Report Date area 10 When you are finished click Close The SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session 40 SonicWALL ViewPoint User s Guide Viewing Status Over Time The Status Over Time report displays the how often the SonicWALL appliance or a group of SonicWALL appli ances was available during the specified time period To view the Status Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a Sonic
61. ALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q sxx te P x la Search g Favorites media amp s a B dh Address https 10 0 14 158 sams auth Google vi GPSearchwWeb go PaveFiank Eh 847 blocked O Fa options MyReportsView t Logout pe gateway sonicwall com poll MyGateway pum MyTzw Stal svIOf WOO Summary Monitor Top Users Over Time Top Users Over Time 4 Min Ago 3Min Ago 2 Min Ago Elapsed Time SONICWALL cs SonicWALL ViewPoint Done Internet 5 The Bandwidth Monitor shows the amount of data transferred during each sampling period for the last five minutes The sampling period is five seconds Viewing the Top Users of Bandwidth The Top Users report displays the users who used the most bandwidth on the specified date To view the Top Users report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Bandwidth tree and click Top Users The Top Users page appears Figure 36 44 SonicWALL ViewPoint User s Guide Figure 36 Top Users Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A GD Preach she ravortes Aui O Z SDA Address 2 https 10 0 14 158 sqmsfauth Google v GBsearchWeb go PageRank Eh 847 blocked O Options MyReports View t gateway sonicwall com Top Users user admin iem gat
62. Drop Pkt as host is not Authenticated IP VPN FW Policy requires host authentication by RADIUS IP CONFIG RADIUS is not enabled Dropping IP ULA enabled PDE Drop Pkt as RADIUS is not enabled IP CONFIG Only 1 PDE can have Peer Net set to all zero Found more than one Gateway PDE with peer networks set to all zero Drop ISAKMP frame from Local Side VPN FW IKE received on local interface Check cabling CONFIG Remote network appears in more than 1 PDE Src Dst Net Mask Destination matches to multiple peer networks on Gateway PDE Src Dst Net Mask Drop ESP due to bad checksum in IP NETWORK Incoming ESP packet has bad checksum Local interface Source address failed filter Sre Dst VPN FW Local interface reports invalid source IP Sre Dst Remote interface Source address failed filter Sre Dst VPN FW Remote interface reports invalid source IP Sre Dst Unsupported protocol SrcIP DstIP Protocol Port Interface VPN FW No session for SrcIP DstIP Protocol Port Intf Failed to build SA Block connection Peer VPN FW Block VPN Connection Peer Drop ESP or AH Multiple server entries ISAKMP aborted Peer SYSTEM ERROR Multiple server entries IKE aborted Peer Drop ISAKMP frame on remote port in non operational mode Peer SYSTEM ERROR Drop IKE frame from to Peer ISAKMP race condition
63. Enter the following command java cp TEAV text where text is the text string to encrypt The encrypted string is returned 3 Add the encrypted string to the sgmsConfig xml or web xml file Note This procedure only performs encryption Encrypted Data in the sgmsConfig xml File The sgmsConfig xml and web xml files contain encrypted data The following information is encrypted using Tiny Encryption technology e Database Password e Database Name e Database Username e Database Owner Resetting the Admin Password To reset the admin user s password to default value of password enter the following from the command line prompt osql U DBuser P DBpassword q exit update sgmsdb dbo users set password 5 4dcc3b5aa765d61d8327deb882cf99 where id like admin where DBuser is the SGMSDB username and DBpassword is the SGMSDB password Copying Pasting into SonicWALL ViewPoint User Interface The Java Plug in version 1 3 and later does not allow applets to access user clipboards To circumvent this you must explicitly allow applets to access your clipboard To do this follow these steps 1 Open the java policy file with a text editor It is usually located in the following directory c Program Files JavaSoft JRE 1 3 lib security 2 Add the following line to the top of the file after the standard properties that can be read by anyone permission java awt AWTPermission accessClipboard write 3 Save the java poli
64. Install Folder Screen 2 SonicWALL ViewPoint 2 8 Where Would You Like to Install C WiewPoint2 Restore Default Folder Choose lnstallArcpiiere by Zero O 5 To accept the default location click Next To select a different location click Choose and select a folder Click Next The Settings screen appears Figure 4 Figure 4 Settings Screen 2 SonicWALL ViewPoint 2 8 re rd SMTP Server Address smtp yada com at rali nAn Web Server Port 80 K A ViewPoint Administrator e Mail 1 admin yada com ViewPaint Administrator e Mail 2 SonicWALL f era ViewPoint i Confirm Password bili I Validate fields on this screen Do the following e Enter the IP address or host name of the Simple Mail Transfer Protocol SMTP server in the SMTP Server Address field e Enter the number of the web server port in the Web Server Port field default 80 e Enter the e mail addresses of administrators who will receive e mail notifications from SonicWALL View Point e Enter and confirm the database password in the Database Password and Confirm Password fields e To configure SonicWALL ViewPoint to validate these settings select the Validate fields on this screen check box Click Install The installation program begins copying SonicWALL ViewPoint files 6 After the files are copied restart the server Installation is complete 16 SonicWALL ViewPoint User s Guide Lo
65. JO search She Favorites Media O B eB El m a B amp ess https 10 0 14 158 sams auth Logout gateway sonicwall com MyGatesnas MyTz Refresh svl0f Add Unit B 0 US amp Canada ViewPoint Not Licensed goog o a Syslog Servers IP Address Port 10 50 0164 60002 10 0 14 158 514 Q oon eo Getting Started With ViewPoint op SONICWALL Forel SonicWALL ViewPoint 2 Select a unit in the left pane of the SonicWALL ViewPoint UI 3 Right click on the unit and select Modify Unit from the pop up menu The Modify Unit dialog box appears Figure 18 Figure 18 Modify Unit Dialog Box A Modify Unit SonicWALL Name PiyGateway SCS SonicWALL Login Name famn SSS SonicWALL Password pe ooo soicwalre S SonicWALL HTTP Pot o ooo S Serial Number foosstosose ooo Enable HTTPS Management Cancel 4 Make changes to any of the fields When you are finished click OK After SonicWALL ViewPoint finds the SonicWALL appliance and validates its ViewPoint license the SonicWALL appliance will re appear in the left pane of the SonicWALL ViewPoint UI 28 SonicWALL ViewPoint User s Guide Configuring User Settings This section describes how to configure user settings Changing ViewPoint Login Password To modify the login password for SonicWALL ViewPoint follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Console Panel tab a
66. L i SonicWALL ViewPoint _ done fi Internet sil 5 The bar graph displays the number of VPN connections made during each day of the specified time period 6 The table contains the following information e Date when the sample was taken e Connections number of connections e KBytes number of kilobytes transferred e of Usage percentage of kilobytes transferred during this day compared to the time period For exam ple if 10 000 kilobytes of mail was transferred during the time period and 2 500 kilobytes of mail was transferred on one day the of Usage field will display 25 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 101 Figure 101 Report Settings Dialog Box ViewPoint Date Range Selector E R SONICWALL 8 Select whether to display a chart and table or a table only 100 SonicWALL ViewPoint User s Guide 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Top VPN Users Over Time The Top Users report
67. LCP Conf Req Revd LCP Conf Ack Sent PPP LCP Conf Ack Sent LCP Conf Ack Revd PPP LCP Conf Ack Revd LCP Conf Nak Sent PPP LCP Conf Nak Sent LCP Conf Nak Revd PPP LCP Conf Nak Revd LCP Conf Reject Sent PPP LCP Conf Reject Sent LCP Conf Reject Revd PPP LCP Conf Reject Revd LCP Term Req Sent PPP LCP Term Req Sent LCP Term Req Revd PPP LCP Term Req Revd LCP Term Ack Sent PPP LCP Term Ack Sent LCP Term Ack Revd PPP LCP Term Ack Revd LCP Code Reject Sent PPP LCP Code Reject Sent LCP Code Reject Revd PPP LCP Code Reject Revd LCP Protocol Reject Revd PPP LCP Protocol Reject Revd PAP Auth Req Sent PPP PAP Auth Req Sent SonicWALL ViewPoint User s Guide PAP Auth Ack Revd PPP PAP Auth Ack Revd PAP Auth Nak Revd PPP PAP Auth Nak Revd IPCP Conf Req Sent PPP IPCP Conf Req Sent IPCP Conf Req Revd PPP IPCP Conf Req Revd IPCP Conf Ack Sent PPP IPCP Conf Ack Sent IPCP Conf Ack Revd PPP IPCP Conf Ack Revd IPCP Conf Nak Sent PPP IPCP Conf Nak Sent IPCP Conf Nak Revd PPP IPCP Conf Nak Revd IPCP Conf Reject Sent PPP IPCP Conf Reject Sent IPCP Conf Reject Revd PPP IPCP Conf Reject Revd IPCP Term Req Sent PPP IPCP Term Req Sent IPCP Term R
68. Note These settings will stay in effect for all similar reports during your active login session 68 SonicWALL ViewPoint User s Guide Viewing Web Filter Reports Web filter reports provide information on the number of attempts that users made to access blocked web sites through the selected SonicWALL appliance s These reports include web sites blocked by the Content Filter List customized keyword filtering and domain name filtering Web filter reports can be used to view blocked site access attempts by the hour day or over a period of days Addi tionally you can view the users that most frequently attempt to access blocked sites and the most popular blocked sites Note All reports appear in the Firewall s time zone Select from the following e To view a summary of the blocked site access attempts see Viewing the Web Filter Summary Report on page 69 e To view a list of the blocked sites that users attempted to access most often see Viewing the Web Filter Top Sites Report on page 71 e To view the users who made the most attempts to access blocked sites see Viewing the Top Users that Try to Access Blocked Sites on page 72 e To view the top blocked sites that each user attempted to access see Viewing the Top Blocked Sites for Each User on page 74 e To view blocked site access attempts over a period of time see Viewing Blocked Site Attempts Over Time on page 75 e To view a list of the
69. Note These settings will stay in effect for all similar reports during your active login session Viewing Top Users Over Time The Top Users Over Time report displays the top users of bandwidth for the specified time period To view the Top Users Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Usage tree and click Top Users Over Time The Top Users Over Time page appears Figure 60 Viewing Reports 65 Figure 60 Top Users Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q OAD Pst erns Que O A SEWIOLE Address https 4 10 0 14 156 sgms auth gateway sonicwall com Top Users Over Time user admin Logout Top Web Users from June 22 2004 to June 27 2004 settings JE Sic aia no 1 MRRRREREN o Bao Sv us sonicwall com oon Report produced for timezone Pacific Time US amp Canada SONICWALL SonicWALL ViewPoint El Done ff Internet 5 The graph provides a graphical display of the percentage of bandwidth transferred by each of the top users over the specified time period 6 The table contains the following information e Users the IP address of the user e Hits number of hits e MBytes number of megabytes transferred e of MBytes percentage of megabytes transferred by this user compared to all user
70. ON This SLA is effective upon your opening of the sealed package s installing or otherwise using the SOFTWARE PRODUCT and shall continue until terminated Without prejudice to any other rights SonicWALL may terminate this SLA if you fail to comply with the terms and conditions of this SLA In such event you agree to return or destroy the SOFTWARE PRODUCT including all related documents and components items as defined above and any and all copies of same LIMITED WARRANTY SonicWALL warrants that a the software product will perform substantially in accordance with the accompanying written materials for a period of ninety 90 days from the date of purchase and b any support services provided by SonicWALL shall be substantially as described in applicable written materials provided to you by SonicWALL Any implied warranties on the software product are limited to ninety 90 days Some states and jurisdictions do not allow limitations on duration of an implied warranty so the above limitation may not apply to you CUSTOMER REMEDIES SonicWALL s and its suppliers entire liability and your exclusive remedy shall be at SonicWALL s option either a return of the price paid or b repair or replacement of the SOFTWARE PRODUCT that does not meet Son icWALL s Limited Warranty and which is returned to SonicWALL with a copy of your receipt This Limited War ranty is void if failure of the SOFTWARE PRODUCT has resulted from accident abuse or misap
71. P address of the site e Hits number of hits e MBytes number of megabytes transferred e of MBytes percentage of megabytes transferred between this site compared to all other HTTP traffic For example if 10 000 megabytes of data was transferred during the day and 5 000 megabytes was trans ferred between the appliance and Ebay the of MBytes field will display 50 and you have a problem 7 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top sites To change these set tings click Settings The Report Settings dialog box appears Figure 49 56 SonicWALL ViewPoint User s Guide 8 Select the number of sites that will be displayed from the Number of Sites list box 9 Select whether to display a chart and table or a table only 10 Select the year month and day that you would like to view Figure 49 Report Settings Dialog Box E Report Settings Micro E x SONICWALL Report Display Settings 10 M Select Report Date h 2 b fa 6 7 8 9 w0 u i3 fa fis f T 17 18 12 19 20 21 22 23 24 k25 27 28 29 26 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Viewing the Top Users of Web Bandwidth Note These settings will stay in effect for all similar reports during your active login session The Top Users report displays the users who used the most HTTP bandwidth on the specified date To view
72. Point Date Range Selector SONICWALL 8 Select whether to display a chart and table or a table only 9 Select from the following To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Reports 135 Viewing Authentication Reports The login reports show user logins administrator logins and failed login attempts for users and administrators Note All reports appear in the Firewall s time zone Select from the following e To view user logins see Viewing the User Login Report on page 136 e To view administrator logins see Viewing the Administrator Login Report on page 137 e To view failed login attempts see Viewing the Failed Login Report on page 139 Viewing the User Login Report The user login report shows users that logged on to the SonicWALL appliance during the specified day to bypass content filtering or to remotely access local network resources To view the User Login report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Authentic
73. Reports tab 3 Select a SonicWALL appliance 4 Expand the Mail Usage tree and click Top Users Over Time The Top Users Over Time page appears Figure 94 Figure 94 Top Users Over Time Page ewPo plore m Fie Edit View Favorites Tools Help aR Q O h AQ Pear grons Que O A SBD Address https 10 0 14 158 sams auth x Ba Links gt Google v PSearchweb GB PageRank Eh 847 blocked FE autori E Fa options MyReportsYiew p svidfw00 Top O age m gateway sonicwall com EEEE So foo eo 10 50 196 37 50 27 349 26 5 kwokna2 sv us sonicwall com 6517 20 91 20 3 10 50 162 129 695 18 264 177 bdowhaniuk 3162 sv us sonicwall com bee USED Se mshapira 7167 sv us sonicwall com dcontey v 0 A o A a s Jojn 937 5 698 5 5 Elone E internet 5 The pie chart displays the percentage of mail sent and received by the top mail users 6 The table contains the following information e Users the IP address of the user Events number of mail messages sent and received e KBytes number of kilobytes transferred e of KBytes percentage of kilobytes transferred by this user compared to all users For example if 10000 kilobytes of data was transferred during the period and 2000 kilobytes was transferred by the top user the of KBytes field will display 20 7 To change the date range of the report click Settings The Reporting Date Range Select
74. SonicWALL ViewPoint User s Guide Version 2 8 Copyright Information 2004 SonicWALL Inc All rights reserved Under the copyright laws this manual or the software described within may not be copied in whole or part with out the written consent of the manufacturer except in the normal use of the software to make a backup copy The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original Under the law copying includes translating into another language or format SonicWALL is a registered trademark of SonicWALL Inc Other product and company names mentioned herein may be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice Part Number 232 000572 00 Rev A Software License Agreement for ViewPoint Management System This Software License Agreement SLA is a legal agreement between you and SonicWALL Inc SonicWALL for the SonicWALL software product identified above which includes computer software and any and all associ ated media printed materials and online or electronic documentation SOFTWARE PRODUCT By opening the sealed package s installing or otherwise using the SOFTWARE PRODUCT you agree to be bound by the terms of this SLA If you do not agree to the terms of this SLA do not open the sealed package s install or use the SOFTWARE PRODUCT You may however return the unop
75. ViewPoint shows today s report To change report settings click Settings The Report Settings 7 Select the type of chart to display from the View Settings area E Report Settings SONICWALL Report Display Settings dialog box appears Figure 129 Figure 129 Report Settings Dialog Box Micro E Sun Mon Tue Wed Thu Fri 2 B 10 17 24 a 4 11 18 25 5 12 19 26 6 13 20 27 8 Select the year month and day that you would like to view 9 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Viewing the Intrusions by Destination The Intrusions by Destination report displays the top destinations from which intrustions were attempted To view the Attacks by Destination report follow these steps 1 2 Click the Reports tab 3 4 Expand the Intrusion Prevention tree and click By Destination The By Destination page appears Figure 130 Start and log into SonicWALL ViewPoint Select a SonicWALL appliance Viewing Reports 123 Figure 130 By Destination Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Om AG Am er Spies O 2 SIRLE N Address https 4 10 0 14 156 sgms auth svidfwo0 By Destination user BE ene a oonu admin Intrusions by Destination for June 27 2004 Destination 10 0 92 2 Intrusions 6 of Intrusions svi0dc00 sy us sonicwall com
76. Viewing the Bandwidth Summary Report The Bandwidth Summary report contains information on the amount of traffic handled by a SonicWALL appliance or group of SonicWALL appliances during each hour of the specified day To view the Bandwidth Summary report follow these steps l Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 4 Select the global icon a group or a SonicWALL appliance Expand the Bandwidth tree and click Summary The Summary page appears Figure 33 42 SonicWALL ViewPoint User s Guide Figure 33 Summary Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD Asan rons Que O O CaBWIOLE Address https 4 10 0 14 156 sgms auth GS Searchweb go PageRank Eh e47 blocked E autori E fal options A gateway sonicwall com Summary user Bandwidth Summary for June 27 2004 oogogougaa a Source Destination E 05 06 00 07 00 07 00 08 00 SONICWALL amp Done SonicWALL ViewPoint 5 The bar graph displays the amount of bandwidth transferred during each hour of the day 6 The table contains the following information e Hour when the sample was taken e Events number of events or hits e MBytes number of megabytes transferred e of MBytes percentage of megabytes transferred during this hour compared to the day For example if 1000 megabytes of dat
77. WALL appliance 4 Expand the Status tree and click Over Time The Over Time page appears Figure 31 Figure 31 Over Time Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD Pear rons Que O 2 SaWIOLE Address https 4 10 0 14 156 sgms auth gateway sonicwall com Summary user admin Bandwidth Summary for June 27 2004 Source Destination ogooooaoonntn SONICWALL ore SonicWALL ViewPoint Done ff Internet 5 The bar graph displays the amount of time the SonicWALL appliance s were available during each day of the specified time period 6 The table contains the following information e Date when the sample was taken e Up Time amount of time in hours that the SonicWALL appliance was Up 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Viewing Reports 41 Figure 32 Report Settings Dialog Box i ViewPoint Date Range Selector R SONICWALL May 11 2004 May 10 2004 May 9 2004 May 8 2004 May 7 2004 May 6 2004 May 5 2004 May 4 2004 May 3 2004 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the
78. a was transferred during the day and 100 megabytes was transferred at the 12 00 time period the of MBytes field will display 10 7 SonicWALL ViewPoint shows today s report To change the date of the report and other settings click Set tings The Report Settings dialog box appears Figure 34 Figure 34 Report Settings Dialog Box ViewPoint Settings Microsoft Inte SONICWALL Report Display Settings Select Interfaces a hk 8 Select the type of chart to display from the View Settings area Viewing Reports 43 9 Select the year month and day that you would like to view from the Select Report Date area 10 Select the Source and Destination interfaces to view If you want to track bandwidth usage in both directions select the Bi directional check box 11 When you are finished click Generate Report SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Monitoring Bandwidth Usage in Real Time The Bandwidth Monitor displays bandwidth usage for the selected SonicWALL appliance in real time To view the Bandwidth Monitor follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Bandwidth tree and click Monitor The Monitor page appears Figure 35 Figure 35 Monitor Page SonicW
79. ation tree and click User Login The User Login page appears Figure 146 Figure 146 User Login Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Ow O AAO Lae perme Gun OESO s https 10 0 14 158 sgms auth search web gf PageRank 1h 847 blocked f A Paontins A rts svidfwoo User Login mir Logout a User Logins for June 27 2004 settings J No Data Available onono Report produced for timezone Pacific Time US amp Canada onoonon SONICWALL SonicWALL ViewPoint a interet 5 The table contains the following information e User the user name e Time time the user logged in 6 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 147 136 SonicWALL ViewPoint User s Guide Figure 147 Report Settings Dialog Box a Report Settings Micro E SONICWALL Report Display Settings 5 6 m1 12 13 18 19 20 25 26 27 7 Select the type of chart to display from the View Settings area 8 Select the year month and day that you would like to view 9 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Viewing the Administrator Login Report The administrator login report shows successful administrator logins during the specified day This report is useful for identifying misuse and unauthor
80. avorites Tools Help ay Q x 2 JO search She Favorites Sra O 2 Lae amp M Address https 10 0 14 158 samsjauth v Psearchweb go PeseRank Fh 847 blocked autoril EJ fal options A i MyReportsView a svidfw00 Intrusions Over Time user admin f gateway sonicwall com 5 D J A Top Intrusions from June 22 2004 to June 27 2004 onon Z ey as et log tT tT TT Eat j oonononon intrusions 6 of Intrusions IPS Detection Alert ICMP Echo Reply SID 316 IPS Prevention Alert P2P Outbound GNUTella client request SID 1708 IPS Detection Alert ICMP PING SID 293 IPS Detection Alert ICMP PING Windows SID 291 IPS Prevention Alert P2P BitTorrent SONICWALL SonicWALL ViewPoint 5 The pie chart displays the percentage of each type of intrusion attempt 6 The table contains the following information e Type the type of intrusion e Intrusions number of intrusion attempts e of Intrusions percentage of this type of intrusion compared to all other intrusion types For example if 5 000 intrusion attempts occurred during the day and Web IIS attempts makes up 3 000 of the intrusion attempts its of Intrusions field will display 60 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 145 134 SonicWALL ViewPoint User s Guide Figure 145 Report Settings Dialog Box A View
81. ber Of Top Sites 10 x Number Of Top Users 1 Number Of Sites By User Users By Site 5 v Default For Non Sites Users ls Number Of Items 10 Number Of Entries Per Item 10 Filter Parameters Site List comma separated User List comma separated SONICWALL i SonicWALL ViewPoint Applet util started Internet Select whether the reports will contain a chart and table or table only 5 Select whether Summary and Over Time charts will be displayed as bar graphs or plots from the Summary R 8 9 Over Time Charts list box default BAR Select whether User charts will be displayed as pie charts bar graphs area charts or plots from the User Based Charts list box default PIE Select the number of sites to display in Top Sites reports default 10 Select the number of users to display in Top Users reports default 10 Select the number of sites to display in Sites by User reports default 5 10 Select the number of items to display in all other reports default 10 11 Select the number of entries per item to display in all other reports default 10 12 To only display data for a specified group of web sites enter the URL of each site separated by commas in the Site List field Because this field uses pattern matching entries such as yahoo com will display data for mail yahoo com shopping yahoo com and so on 13 To only display data for
82. blocked E autorii E Ra options 2 MyReportsView Y eMail Alert Settings user admin Logout gateway sonicwall com mm MyGateway Schedule for Notification of Alerts and FYI messages wines Weekday Lams ViewPoint Settings Schedule 1 nrajavasireddy sonicwall com 00 i lto 08 hours Alert Settings o8 kol 16 hours Schedule 3 nrajavasireddy sonicwal com 16 lta 00 hours eMail Alert Settings cs i a Weekend Saturday nrajavasireddy sonicwell com Sunday nrajavasireddy sonicwall com Send Summarization status eMail to administrator E Mail Format Preference H ML Plain Text SONICWALL SonicWALL ViewPoint 4 Configure the email address es that will receive notifications and the times that they will receive them e Schedule 1 Specifies who will receive notifications during the first weekday schedule Enter one or more email addresses separated by commas and specify the start and end time for the shift e Schedule 2 Specifies who will receive notifications during the second weekday schedule Enter one or more email addresses separated by commas and specify the start and end time for the shift e Schedule 3 Specifies who will receive notifications during the third weekday schedule Enter one or more email addresses separated by commas and specify the start and end time for the shift e Saturday Specifies who will receive notifications on Saturday Enter one or more email addr
83. blocked sites that users attempted to access most often over time see Viewing Blocked Site Attempts Over Time on page 75 e To view the users who made the most attempts to access blocked sites over time see Viewing the Top Blocked Site Users Over Time on page 78 e To view the top blocked sites that each user attempted to access over time see Viewing the Top Blocked Sites for Each User Over Time on page 80 Viewing the Web Filter Summary Report The Web Filter Summary report contains information on the number of times users attempt to access blocked sites for the specified day To view the Web Filter Summary report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the Web Filter tree and click Summary The Summary page appears Figure 64 Viewing Reports 69 Figure 64 Summary Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A QD Osh she ravortes Aui O e SUDA Address https 4 10 0 14 156 sgms auth v Psearchweb go PageRank Kh 847 blocked E autori EJ Pa options gateway sonicwall com Summary user Web Filter Summary for June 27 2004 of Attempts Baeaeene o G SONICWALL SonicWALL ViewPoint Done internet a 5 The bar graph displays the number of blocked sites that users att
84. change the port follow these steps 1 Open the viewpointConfig xml file with a text editor 2 Add the following line to the end of the file before the lt Configuration gt section Parameter name syslog syslogServerPort value port_number where port_number is the new port number 3 Save the file and exit 149 150 The sgmsConfig xml File SonicWALL ViewPoint stores its configuration information in the sgmsConfig xml file The following table contains the contents of the sgmsConfig xml file Each of these parameters was configured dur ing installation or can be configured from the SonicWALL ViewPoint UI Table 1 The sgmsConfig xml File LANGUAGE COUNTRY debug installDir dbtype dbhost dbport dbname dbuser dbowner datasource dbpassword dbconnections dbdriver dburl syslog syslogParserPort syslog syslogServerPort syslog launchSyslogServer syslog forwardToHost syslog forwardToHostPort Specifies the language used by SonicWALL ViewPoint default en Specifies the country default US Specifies the debugging level Levels 0 1 2 or 3 The default setting 0 speci fies no debugging Specifies where SonicWALL ViewPoint is installed Specifies the type of database used Specifies the IP address of the database server Specifies the database port Specifies the database name This is encrypted using Tiny Encryption technol ogy Specifies the database username This is encrypted
85. ck Categories and make sure that every event category in the Categories area is selected except for Network Debug Then click Apply 7 When you are finished click Apply Configuring Access to a SonicWALL Appliance In order to use SonicWall ViewPoint the SonicWALL appliance must be configured to communicate with Son icWALL ViewPoint and the appliance must be added to the SonicWALL ViewPoint UI SonicWALL ViewPoint can access the appliance through the LAN or WAN interface If the access will occur through the LAN interface SonicWALL ViewPoint can log into the SonicWALL appliance using HTTP or HTTPS which are enabled by default If the access will occur through the WAN interface the SonicWALL appliance must be configured to allow remote access To configure remote access through the WAN interface follow these steps 1 Log into the SonicWALL 2 Expand the Access tree and click Management The Management page appears Figure 10 Configuring ViewPoint 23 Figure 10 Management Page SonicWALL Administration Microsoft Internet Explorer File Edit View Favorites Tools Help Qx x a JO search Sf Favorites Area E EASIER Address http 10 50 164 65 management html SONiCWAll gt I General ACCESS System Name System Contact System Location Get Community Name public Anti Virus Trap Community Name High Availability Host 1 _ Host 2 Host 3 Host 4 lt Logout STATUS T
86. ct the global icon a group or a SonicWALL appliance 4 Expand the Web Usage tree and click Over Time The Over Time page appears Figure 56 62 SonicWALL ViewPoint User s Guide Figure 56 Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q e GD Power Yerevates Qua O 2 SOSA Address https 4 10 0 14 156 sgms auth search web g PageRank Eh 847 blocked E autori Fa options al gateway sonicwall com Over Time user Web Activity from June 22 2004 to June 27 2004 o Ba ogeascea o SONICWALL i SonicWALL ViewPoint El Done a Internet il 5 The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time period 6 The table contains the following information e Date when the sample was taken e Connections number of connections or hits e MBytes number of megabytes transferred e of Usage percentage of megabytes transferred during this day compared to the time period For exam ple if 100 000 megabytes of data was transferred during the time period and 25 000 megabytes was trans ferred on one day the of Usage field will display 25 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 57 Figure 57 Report Settings Dialog Box Bi ViewPoint Date Range Selector amp SONICWALL 8 S
87. cy file and exit 151 152 Using the Import Feature from Applet To use the SonicWALL ViewPoint Import option from a remote browser follow these steps 1 Open the java policy file with a text editor It is usually located in the following directory c Program Files JavaSoft JRE 1 3 lib security 2 Add the following line to the end of the file 3 permission granted to all domains to use ViewPoint Import option grant permission java io FilePermission lt lt ALL FILES gt gt read write delete execute permission java util PropertyPermission user home read write permission java lang RuntimePermission modifyThread he grant permission java lang RuntimePermission accessClassInPackage sun misc he Save the file and exit Securing Access to the ViewPoint Web Server This section describes how to configure SonicWALL ViewPoint to run using HTTPS Creating a Keystore with a Valid Test Certificate To configure SonicWALL ViewPoint to use HTTPS you must create a keystore with a valid test certificate To do this follow these steps 1 From the command line on the SonicWALL ViewPoint Console change to the following directory sgms_directory jre bin where sgms_directory is the directory where SonicWALL ViewPoint was installed Enter the following command keytool genkey alias spcert keyalg RSA keystore sgms_directory etc keystore 3 You are prompted to enter the keystore password
88. d Note Do not enter the single quote character in the SonicWALL Name field 4 Enter the username used to access your SonicWALL appliance in the SonicWALL Login Name field default admin 5 Enter the password used to access the SonicWALL appliance in the SonicWALL Password field 6 Enter the IP address that will be used to access the SonicWALL appliance in the SonicWALL IP Address field Note If SonicWALL ViewPoint is on the same LAN as the SonicWALL appliance or accesses it through a VPN tunnel enter the LAN IP address If SonicWALL ViewPoint will access the SonicWALL appliance from the WAN interface enter the WAN IP address 26 SonicWALL ViewPoint User s Guide 7 Enter the HTTP port number used to access your SonicWALL appliance in the SonicWALL HTTP Port field default 80 8 If SonicWALL ViewPoint will log into the SonicWALL appliance using secure HTTP HTTPS select the Enable HTTPS Management check box and enter the HTTPS port number in the SonicWALL HTTPS Port field default 443 9 Enter the serial number of the SonicWALL appliance in the Serial Number field 10 Click OK SonicWALL ViewPoint finds the SonicWALL appliance and validates its ViewPoint license When this is complete the SonicWALL appliance will appear in the left pane of the SonicWALL ViewPoint UI Deleting SonicWALL Appliances from SonicWALL ViewPoint To delete a SonicWALL appliance from SonicWALL ViewPoint follow these steps 1 Start and log i
89. d during the day and 500 intrusion attempts came through the activities of one source its of Intrusions field will display 50 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 143 Figure 143 Report Settings Dialog Box ViewPoint Date Range Selector SONICWALL May 11 2004 8 Select whether to display a chart and table or a table only Viewing Reports 133 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Top Intrusions Over Time The Intrusions Over Time report displays the top types of intrustions that occurred during the specified time period To view the Intrusions Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Intrusion Prevention tree and click Intrusions Over Time The Intrusions Over Time page appears Figure 144 Figure 144 Intrusions Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer Pek File Edit View F
90. d exceptions on the SonicWALL appliance e Intrusion Summary number of intrusions attempted on the SonicWALL appliance e Intrusions By Category displays the intrusion attempts that occurred sorted by category e Intrusions By Source displays the top source that generated intrusion attempts e Intrusions By Destinaton displays the top destinations that generated intrusion attempts 18 When you are finished click Add The new report will appear in the list on the Scheduled Reports page Note The report will run based on the settings that you specified and will use the default display settings To change the display settings see Configuring Presentation Options on page 24 Scheduling SonicWALL ViewPoint 145 Scheduling a Weekly or Monthly Report By default weekly reports are sent out every Monday at 03 00 GMT and contain information for the previous week Monthly reports are sent out on the second day of every month at 03 00 GMT and contain information for the previous month To change when they are sent see Configuring Email Archive Settings on page 22 To configure a new weekly or monthly report follow these steps 1 From the Scheduled Reports page click the Add Multi Day Report button The Multi Day Reports page appears Figure 156 Figure 156 Multi Day Reports Page i SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help a Back x a D search Favorites Media A A E Address
91. displays the users who made the most VPN connections for the specified time period To view the Top Users report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the VPN Usage tree and click Top Users Over Time The Top Users Over Time page appears Figure 102 Figure 102 Top Users Over Time Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AQ Pear grons Que O A SGUD Address https 10 0 14 158 sgms auth svidfw00 Top Users Over Time user admin Top Users of YPN from June 22 2004 to June 27 2004 Heaoeoae a 10 50 8 11 svi0dc00 s us sonicwall com 10 0 14 160 10 50 6 10 131526 jbrady 13 7203 sv us sonicwall com 10 0144 218 naveent sv us sonicwall com 4519 a 5 The pie chart displays the VPN connections for the top VPN users 6 The table contains the following information e Users the IP address of the user e Connections number of VPN connections e of Connections percentage of VPN connections made by this user compared to all other users For example if 10 000 connections occurred during the period and 1 000 connections were made by one user the of Connections field will display 10 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 103 Viewing Repo
92. e org apache tomcat service http HttpConnectionHandler gt lt Parameter name port value 80 gt lt Connector gt When you are finished it should look like the following lt Normal HTTP gt giera lt Connector className org apache tomcat service PoolTcpConnector gt lt Parameter name handler value org apache tomcat service http HttpConnectionHandler gt lt Parameter name port value 80 gt lt Connector gt gt 12 Save the file and exit 13 Restart the ViewPoint Web Server service Securely Accessing SonicWALL ViewPoint To securely access SonicWALL ViewPoint open a web browser and enter https viewpoint_address where viewpoint_address is the address of the SonicWALL ViewPoint server If you are using a Windows server modify the desktop shortcut and make sure it points to https localhost 153 154 SonicWALL ViewPoint User s Guide APPENDIX B Customized Reports The scheduled reports generated by the SonicWALL ViewPoint Scheduler service contain several elements that can be customized These include e Logo at the top left corner of the report default is SonicWALL logo e Heading section at the top right comer of the report default is SonicWALL Reporting e Chart and table colors e Background colors e Font types and size e Displayed text Note Table fonts and text can not be altered Customizing Reports To customize reports follow these steps 1 Create
93. e 27 2004 oooonon oonan Peter Brant Rick Linford o Jeremy Home Tom Drill George Hlebak Prasad Bevra Mariette Gammon Kevin Randall SONICWALL 5 The pie chart displays the amount of data transferred for each policy 6 The table contains the following information Policy name of the policy e Events number of VPN events e MBytes number of megabytes transferred e of MBytes percentage of megabytes transferred for this policy compared to all other policies For example if a total of 10 000 megabytes was transferred and 2 500 megabytes was transferred for one pol icy the of Usage field will display 25 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 97 Figure 105 Report Settings Dialog Box ViewPoint Settings Microsof EES SONICWALL Report Display Settings o PE Select Report Date Mon Tue Thu Fri Sat i 2 4 5 8 9 1u f2 15 16 18 119 j2 23 25 26 29 130 8 Select the number of users that will be displayed from the Number of Users list box 9 Select the type of chart from the Chart Type list box Viewing Reports 103 10 Select the year month and day that you would like to view 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect
94. e following procedures e Review the installation requirements See Installation Overview on page 14 Install SonicWALL ViewPoint see Installation on page 15 Register SonicWALL ViewPoint see Installation on page 15 Installing SonicWALL ViewPoint 13 Installation Overview In order to install and run SonicWALL ViewPoint you must be logged in as the administrator and the SonicWALL ViewPoint server must meet the following requirements e Windows 2000 or Windows XP Professional e Ifaccessed from the WAN interface the SonicWALL appliance must have a static IP address Otherwise it may have either a static or dynamic IP address e Local and remote browser access Microsoft Internet Explorer 6 x e 750 MHz or faster processor e Minimum 512 MB RAM e Atleast 85 MB of free disk space 14 SonicWALL ViewPoint User s Guide Installation When you are ready to install SonicWALL ViewPoint follow these steps 1 Log on to the computer as administrator 2 Insert the SonicWALL ViewPoint CD ROM or locate the SonicWALL ViewPoint install file on the network Double click the setup exe The Introduction screen appears Figure 1 Figure 1 Introduction Screen W SonicWALL ViewPoint 2 8 Fs InstallAnywhere will guide you through the installation of SonicWALL ViewPoint 2 8 Use the Next button to proceed to the next screen If you want to change something in a previous screen click the Previous button You
95. ed Rights as that term is defined in the DOD Supplement to the Federal Acquisition Regulations DFAR in paragraph 252 227 7013 c 1 If the Software is supplied to any unit or agency of the United States Government other than DOD the Government s rights in the Software will be as defined in paragraph 52 227 19 c 2 of the Federal Acquisition Regulations FAR Use duplication reproduction or disclosure by the Govern ment is subject to such restrictions or successor provisions Contractor Manufacturer is SonicWALL Inc 1160 Bordeaux Drive Sunnyvale California 94089 MISCELLANEOUS This SLA represents the entire agreement concerning the subject matter hereof between the parties and supersedes all prior agreements and representations between them It may be amended only in writing executed by both parties This SLA shall be governed by and construed under the laws of the State of California as if entirely performed within the State and without regard for conflicts of laws Should any term of this SLA be declared void or unen forceable by any court of competent jurisdiction such declaration shall have no effect on the remaining terms hereof The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches TERMINATI
96. ed for timezone Timezone text font type font face Arial Timezone text font size font size 1 Timezone text font color font color FFFFFF white 157 158 SonicWALL ViewPoint User s Guide APPENDIX C Messages Message Text CONFIG Route not available to the destination IP Route not available to the destination IP Cannot decide where to send layer 3 broadcast due to src IP ROUTING Layer 3 broadcast dropped due to Src IP CONFIG Unknown Peer type in PDE Unknown Peer type in PDE CONFIG Manual keying for remote clients is not supported ESP AH manual keying for remote clients is not supported CONFIG Unknown protocol in PDE Unknown protocol in PDE Out of BRAM space Cannot save PDE SYSTEM CAPACITY Call Sales BRAM capacity reached Last policy not saved Out of BRAM space Cannot restore all PDE s Upgrade failed SYSTEM CAPACITY Revert to prior release BRAM capacity reached Call sales Failed to get free frame buffer SYSTEM CAPACITY Call Customer Support if message reoccurs Frame Buffer Out of memory SYSTEM CAPACITY Memory error or capacity reached Warm start and monitor DRAM checksum error SYSTEM ERROR Call Customer Support if message reoccurs DRAM Checksum Out of memory Cannot restore all PDE s Upgrade failed SYSTEM CAPACITY Revert to prior release Call Sales Memory allocation error ULA
97. elect whether to display a chart and table or a table only Viewing Reports 63 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Top Sites Over Time The Top Sites Over Time report displays the most visited web sites for the specified time period To view the Top Sites Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Usage tree and click Top Sites Over Time The Top Sites Over Time page appears Figure 58 Figure 58 Top Sites Over Time Page SonicWALL ViewPoint Microsoft Internet Explorer He File Edit View Favorites Tools Help Q O h AQ Asan Krons Que O 2 SIO E Address https 10 0 14 158 sams auth ead g PaseRank Eh 847 blocked f Autcrll E Fa options 2 gateway sonicwall com Top Sites Over Time user admin TT 5 ao Top Visited Web Sites from June 22 2004 to June 27 2004 na oa j TIT pone 1_ JM re on licensemanager sonic software sonicwall c
98. empted to access during each hour of the day 6 The table contains the following information e Hour time when the sample was taken e Attempts number of attempts to access blocked sites e of Attempts percentage of attempts during this hour compared to the day For example if 100 attempts occurred during the day and 20 attempts occurred at the 12 00 time period the of Attempts field will display 20 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 65 Figure 65 Report Settings Dialog Box a Report Settings Micro E x SONICWALL Report Display Settings 5 12 19 26 8 Select the type of chart to display from the View Settings area 9 Select the year month and day that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day 70 SonicWALL ViewPoint User s Guide Viewing the Web Filter Top Sites Report The Web Filter Top Sites report displays the top blocked web sites that users attempted to access on the specified date To view the Top Sites report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Filter tree and click Top Sites The Top Sites page appears Figure 66 Figure 66 Top Sites Page i SonicWALL ViewPoint M
99. ened SOFTWARE PRODUCT to your place of pur chase for a full refund The SOFTWARE PRODUCT is licensed not sold You acknowledge and agree that all right title and interest in and to the SOFTWARE PRODUCT including all associated intellectual property rights are and shall remain with SonicWALL This SLA does not convey to you an interest in or to the SOFTWARE PRODUCT but only a limited right of use revocable in accordance with the terms of this SLA oThe SOFTWARE PRODUCT 1s licensed as a single product oYou may also store or install a copy of the SOFTWARE PRODUCT on a storage device such as a network server used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network oYou may not resell or otherwise transfer for value rent lease or lend the SOFTWARE PRODUCT oThe SOFTWARE PRODUCT is trade secret or confidential information of SonicWALL or its licensors You shall take appropriate action to protect the confidentiality of the SOFTWARE PRODUCT You shall not reverse engi neer de compile or disassemble the SOFTWARE PRODUCT in whole or in part The provisions of this section will survive the termination of this SLA oYou agree and certify that neither the SOFTWARE PRODUCT nor any other technical data received from Son icWALL nor the direct product thereof will be exported outside the United States except as permitted by the laws and regulations of the United States which may require U S Govern
100. eq Revd PPP IPCP Term Req Revd IPCP Term Ack Sent PPP IPCP Term Ack Sent IPCP Term Ack Revd PPP IPCP Term Ack Revd PPP PPPoE login failed Check username password and try again PPPoE Authentication failed Check username password and try again PPP PPPoE Info PPPoE Info PPP Received CHAP Auth request Received CHAP Auth request CHAP authentication sent PPP CHAP authentication sent CHAP authentication success PPP CHAP authentication success CHAP authentication failure PPP CHAP authentication failure PADI Sent PPPoE Looking for Servers PADI PADO Revd PPPoE Available Server PADO PADR Sent 163 PPPoE Selected a Server PADR PADS Revd PPPoE Server Confirms Selection PADS PADT Sent PPPoE Terminate Session Sent PADT PPPoE Discovery Complete PPPoE Discovery Complete PPPoE Discovery Failed PPPoE Discovery Failed PPPoE Service Name Error PPPoE Service Name Error PPPoE Concentrator Error PPPoE Concentrator Error PPPoE Generic TAG Error PPPoE Generic TAG Error PPPoE Network Disconnected due to inactivity PPPoE Connection established RADIUS Sent Challenge Client Sent RADIUS ACCESS_CHALLENGE Client RADIUS Authentication successful RADIUS Authentication successful
101. esses sepa rated by commas and specify the start and end time for the shift e Saturday Specifies who will receive notifications on Sunday Enter one or more email addresses sepa rated by commas and specify the start and end time for the shift 5 Select whether the email will be sent in HTML or Plain Text 6 When you are finished click Update The settings are saved 34 SonicWALL ViewPoint User s Guide Configuring Reporting Settings This section describes how to configure reporting settings These include how often the summary information is updated the number of days that summary information is stored and the number of days that raw data is stored These reports are constructed from the most current available summary data In order to create summary data Son icWALL ViewPoint must parse the raw data files Note Because reports are based on the most current summary data the report may be old For example if the data was summarized four hours ago all activity that occurred since the last summary will be missing from the report When configuring SonicWALL ViewPoint you can select the amount of summary information to store Summary information consumes approximately one kilobyte of information per SonicWALL appliance per day Make sure the database is large enough to accommodate the number of days that you choose Additionally you can select the amount of raw data to store The raw data is made up of information for every c
102. ettings and start over click Reset Note The maximum size of the SonicWALL ViewPoint User ID is 24 alphanumeric characters The password is one way hashed and any password of any length can be hashed into a fixed 32 character long internal pass word Configuring Presentation Options SonicWALL Viewpoint uses a default group of settings that specifies the types of charts and the amount of data that is displayed This settings can be changed during a session but will be cleared once you log out To change the default settings for your user ID follow these steps 1 Start and log into SonicWALL ViewPoint as the user whose default settings you will modify Configuring ViewPoint 29 2 3 Click the Console tab Expand the User Settings tree and click Report Settings The Report Settings page appears Figure 20 Figure 20 Report Settings Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q ax Q x a KA Es Search J Favortes meda 2 RA E la 23 B M Address amp https 10 0 14 158 sgms auth x B Go Links Psearchweb g PageRank Eh e47 blocked fg AutoFill E g options Console Panel e Reports user admin C Ready Reports pea Chart and Table O Table Only Default Chart Type Summary Over Time Charts BAR v amp MyReportsView pem gateway sonicwall com oon i User Based Charts BAR B Number Of Items Num
103. eway sonicwall com MyGateway poem MyTzw Stat svi0fw00 Soy Monitor Top Users Over Time Top Users Over Time ts Console SONICWALL ina Toa The pie chart displays the percentage of bandwidth transferred by each user The table contains the following information e Users the IP address of the user e Connections number of events or hits e MBytes number of megabytes Logout of MBytes percentage of megabytes transferred by this user compared to all users For example if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the top user the of MBytes field will display 20 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top users To change these set tings click Settings The Report Settings dialog box appears Viewing Reports 45 Figure 37 Report Settings Dialog Box a Report Settings Micro a x SONICWALL Report Display Settings Sun Mon Tue Wed Thu Fri Sat 1 2 38 4 o B 9 11 12 15 a6 18 19 22 23 24 25 26 30 Select Users comma separated Generate Report Close 8 Select the number of users that will be displayed from the Number of Users list box 9 Select the type of chart from the Chart Type list box 10 Select the year month and day that you would like to view 11 To display a limited group of users enter the user IDs in the Select Users field and separate each
104. for June 27 2004 settings J Boe ane o oo oo o Report produced for timezone Pacific Time US amp Canada 3 5 The bar graph displays the amount of bandwidth used by each service during each hour of the day 6 The table contains the following information e Protocol the service e Events number of events or hits e MBytes number of megabytes e of MBytes percentage of megabytes transferred by this service on the selected day compared to all other services For example if 1 000 megabytes were transferred and 900 megabytes were handled by the HTTP service the of Mbytes field will display 90 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 111 Viewing Reports 107 Figure 111 Report Settings Dialog Box a Report Settings Micro E SONICWALL Report Display Settings 5 12 47 23 24 2 30 31 8 Select the type of chart to display from the View Settings area 9 Select the year month and day that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session 108 SonicWALL ViewPoint User s Guide Viewing Attack Reports Attack reports show the number of attacks that were directed at or through the selected
105. for all similar reports during your active login session Viewing the Top VPN Policies Over Time The By Policy Over Time report displays the top VPN Policies for the specified time period To view the By Policy Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the VPN Usage tree and click By Policy Over Time The By Policy Over Time page appears Figure 106 Figure 106 By Policy Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer BEE File Edit View Favorites Tools Help O X BOD Psat Jeres Aua O Z SDA Address https 10 0 14 158 sgms auth v BBsearch web g PageRank Fh 847 blocked E autor E Pa options A svidfwo0 By Policy Over Time user admin Ee D 4 Top Policies from June 22 2004 to June 27 2004 ono oon Anoe Oore oa MUU oon Events Nathan Crapo2 5347 Naveen Rajavasireddy 349 Jeremy Home 3991 Kevin Randall 4544 Steve Cornell 5805 Prasad Bevra 1986 Atul Dhablania 3173 Rick Linford 3248 SONICWALL fol SonicWALL ViewPoint o o 5 The pie chart displays the VPN connections for the top policies 6 The table contains the following information e Policy name of the policy e Events number of VPN events e MBytes number of megabytes transferred e of MBytes percentage of megabytes transferred for this polic
106. found Peer SYSTEM ERROR ISAKMP race condition found Peer SYSTEM ERROR Check Policy decryption halted Unknown crypto algorithm Payload not decrypted SYSTEM ERROR Check Policy encryption halted SonicWALL ViewPoint User s Guide Unknown crypto algorithm Payload not encrypted Mismatch Protocol Port Check SYSTEM ERROR Mismatch Protocol Intf Check Bad SPI in Packet SrcIP Status SPI1 SPI22 InSPI IPSEC Bad SPI in Packet SrcIP LocalSPI InSPI Internal error Bad SA type SYSTEM ERROR Call customer service Bad SA Type Failed to start ISAKM phase I rekey Invalid SA SYSTEM ERROR Call customer service if frequent IKE Rekey aborted Could not find the IPSEC SA to remove IPSEC SA to terminate can not be found Client SA Terminated IPSEC Client SA Terminated Memory allocation error ISAKMP aborted Peer SYSTEM CAPACITY Call Sales IKE Memory Peer CONFIG IKE Unknown Protocol to negotiate Peer Unknown protocol to negotiate ISAKMP aborted Peer IPSEC Cannot match OmniTraversal Packet to active SA Peer Received ESPThruUDP packet outside an SA Peer COMFIG IKE Unknown authentication method ISAKMP aborted Unknown authentication method ISAKMP aborted CONFIG IKE Unknown crypto algorithm Unknown crypto algorithm ISAKMP aborted In
107. g ViewPoint 31 Figure 22 SonicWALL ViewPoint Alert Settings Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O x A CD Asan Mci Qhi O 2 SaD Address https 10 0 14 158 sqmsfauth Google i Y search web g PageRank Eh 847 blocked YE autoril C Ea options 2 ik MyReportsView Console Panel gateway sonicwall com m MyGateway MyTzw svl0fwO0 ViewPoint Settings Alert Settings Sessi eMail Alert Settings SONICWALL Alert Settings user admin v Eco Links Logout E Mail Alert Receiver Schedule Weekday Schedule 1 nrajavasireddy sonicwall com o0 to 08 hours Schedule 2 nrajavasireddy sonicwall com Schedule 3 nrajavasireddy sonicwall com 08 Vito 18 hours 18 Mto 00 hours Weekend Saturday nrajavasireddy sonicwall com Sunday nrajavasireddy sonicwall com E Mail Alert Format Preference OuT L O Plain Text SonicWALL ViewPoint 4 Configure the email address es that will receive notifications and the times that they will receive them e Schedule 1 Specifies who will receive notifications during the first weekday schedule Enter one or more email addresses separated by commas and specify the start and end time for the shift e Schedule 2 Specifies who will receive notifications during the second weekday schedule Enter one or more email addresses separated by commas and specify t
108. gging in and out of SonicWALL ViewPoint To start and log into SonicWALL ViewPoint follow these steps 1 Do one of the following e If you are logging in locally double click the SonicWALL ViewPoint icon on your desktop e Ifyou are logging in from a remote location open a web browser and enter http viewpoint_ipaddress sgms login or http viewpoint_ipaddress or http localhost The SonicWALL ViewPoint login page appears Figure 5 SonicWALL ViewPoint Login Page SonicWALL ViewPoint Login Screen Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A CH Osh she ravortes Aua O Ba Jes dh Address https 10 0 14 158 samsflagin y gao Links Google v Bsearchweb go PaseFank Chaco blocked E Palontins Please log in User ID Password Submit SONICWALL SonicWALL ViewPoint 2 Enter the SonicWALL ViewPoint user ID default admin and password default password Note After the password is entered an authenticated management session is established that times out after 5 min utes of inactivity The default time out can be changed from the General ViewPoint Password page on the Console Panel For the security purposes it is highly recommended to change the default password for the user admin The maxi mum size of the SonicWALL ViewPoint User ID is 24 alphanumeric characters If the password is more than 32 characters long it will automatically be truncated 3
109. gure 108 Viewing Reports 105 Figure 108 By Policy Hourly Page i SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help OQ x aA JO search She Favorites Sra O 2 Bae amp M Address https 10 0 14 158 sgms auth vy Ec v BBsearchweb g Pageank Gh 847 blocked E avoni Pa options A al svidfw00 By Policy Hourly u admin Logout gateway sonicwall com MyGateway MyTzw svl0fwOO a Top YPN Policies By Hour for June 27 2004 Displaying records 1 10 of 24 Policy 0 00 1 00 Paal Tveit 2 Rick Linford Mariette Gammon Naveen Rajavasireddy Mike Wickizer Jeremy Home Cameron Bigler Tom Drill George Hlebak Peter Brant Beene B 1 00 2 00 Rick Linford Jeremy Home Paal Tveit 2 Cameron Bigler Peter Brant Mike Wickizer Jeff Jeziorski Home Kevin Randall Naveen Rajavasireddy Steve Cornell G ao a a 2 00 3 00 Jeremy Home Cameron Bigler SONICWALL 5 The table contains the following information Hour period of time e Policy name of the policy e Events number of VPN events e MBytes number of megabytes transferred 6 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 109 Figure 109 Report Settings Dialog Box a Report Settings h Micro l SONICWALL Report Display
110. h day of the specified time period 6 The table contains the following information e Date when the sample was taken e Connections number of hits e MBytes number of megabytes transferred e of Usage percentage of megabytes transferred during this day compared to the time period For exam ple if 100 000 megabytes of data was transferred during the time period and 25 000 megabytes was trans ferred on one day the of Usage field will display 25 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 39 Report Settings Dialog Box ViewPoint Date Range Selector 3 SONICWALL 8 Select whether to display a chart and table or a table only Viewing Reports 47 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Users of Bandwidth Over Time The Top Users report displays the users who used the most bandwidth on the specified date To view the Top Users Over Time report follow these steps 1 Start and log into SonicWALL V
111. he global icon a group or a SonicWALL appliance 4 Expand the Attacks tree and click Errors Over Time The Errors Over Time page appears Figure 126 Viewing Reports 119 Figure 126 Errors Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A QD Osh she ravortes Aui O e GUDA Address https 4 10 0 14 156 sgms auth 4 PSearch Web ge PageRank Eh 847 blocked E Autor EJ Pa Options A gateway sonicwall com Errors amp Exceptions Over Time user admin D D J 3 4 A MyReportsView a Dropped Packets amp Exceptions from June 22 2004 to June 27 2004 Morag ooon oon G 100 0 SONICWALL SonicWALL ViewPoint 5 The bar graph displays the number of packets that were dropped during each day of the specified time period 6 The table contains the following information e Date when the sample was taken e Dropped Packets number of dropped packets e of Errors percentage of dropped packets on this day compared to the time period For example if 10 000 packets were dropped during the time period and 1 000 packets were dropped on Wednesday its of Attacks field will display 10 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 127 Figure 127 Report Settings Dialog Box ViewPoint Date Range Selector X SONICWALL 8
112. he most mail bandwidth see Viewing the Top Users of Mail Bandwidth on page 91 e To view mail usage over a period of time see Viewing Mail Usage Over Time on page 92 e To view the users who consume the most mail bandwidth over time see Viewing the Top Users of Mail Band width Over Time on page 94 Viewing the Mail Usage Summary Report The Mail Usage Summary report contains information on the amount of mail handled by a SonicWALL appliance or group of SonicWALL appliances during the specified day To view the Mail Usage Summary report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the Mail Usage tree and click Summary The Summary page appears Figure 88 Viewing Reports 89 Figure 88 Summary Page i SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A QD Osh ge ravortes Aua O e GUDA Address https 4 10 0 14 156 sgms auth Ee D 3 al svidfwoo Summary user a Mail Usage for June 27 2004 Bo eos oo noon B 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 SONICWALL SonicWALL ViewPoint 5 The bar graph displays the amount of mail sent and received during each hour of the day 6 The table contains the following information e Hour when the sample was taken e Events nu
113. he start and end time for the shift e Schedule 3 Specifies who will receive notifications during the third weekday schedule Enter one or more email addresses separated by commas and specify the start and end time for the shift e Saturday Specifies who will receive notifications on Saturday Enter one or more email addresses sepa rated by commas and specify the start and end time for the shift e Saturday Specifies who will receive notifications on Sunday Enter one or more email addresses sepa rated by commas and specify the start and end time for the shift 5 Select whether the email will be sent in HTML or Plain Text 6 When you are finished click Update The settings are saved Managing ViewPoint Sessions To manage SonicWALL ViewPoint login sessions follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Console Panel tab at the bottom of the SonicWALL ViewPoint user interface UI 3 Expand the Management tree and click Sessions The Sessions page appears Figure 23 32 SonicWALL ViewPoint User s Guide Figure 23 Sessions Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help QO xX AM LEN aie eu 2 S BBW 8 Address https 10 0 14 15 sgmsfauth i EJs ins v Psearch web g PageRank fh 647 blocked E AutoFill E Fa Options Bi MyReportsView Sessions user admin Logout gateway sonicwall com MyGateway
114. here were no changes made 3 From the Management Method section select from the LAN interface and remotely from the WAN interface from the Managed pull down menu 4 Click Update 5 Click the Add Service tab The Add Service page appears Figure 11 Figure 11 Add Service Page SonicWALL Administration Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A GH seach ferais Aua O 2 BEL Address http 10 50 164 65 management html MPE ACCESS SONICWALL gt General Log Services added here will appear in the Services page Add a known service Custom Service _ MI Or add a custom service Name Advanced Key Exchange IKE 500 17 VPN z E Z Name Service DNS 53 17 __ ven Port Range Name Senice DNS 53 6 Anti Virus Napster 7777 6 Napster 8875 6 High Availability feo EE Agal TCP Port UDP Port or ICMP Type Logout STATUS The following parameter had problems New Service Name 6 Select HTTPS Management from the Add a Known service list and click Add 7 Click the Rules tab The Rules page appears Figure 12 24 SonicWALL ViewPoint User s Guide Figure 12 Rules Page F SonicWALL Administration Microsoft Internet Explorer File Edit View Favorites Tools Help Om O HAO Ame km Que 2 2B Address http 10 50 164 65 management html 3 ACCESS SONICHA I General Current Network Access Rules eerie AES Gee Destia
115. http 4678 80 LAN 06406 2004 17 43 49 10 50 163 130 128 121 256 136 tepihttp 4678 80 LAN 06 06 2004 17 42 37 10 50 163 129 192 168 168 10 udp 161 162 LAN 06 06 2004 17 39 37 10 50 163 130 216 148 227 68 udpicins 2275 53 LAN 06 06 2004 17 39 01 10 50 163 130 128 121 256 136 tepihttp 4677 80 LAN 06 06 2004 17 38 49 10 50 163 130 128 121 256 136 tepihttp 4677 80 LAN 06 06 2004 17 34 34 10 50 163 130 216 148 227 658 udp dns 2275 53 LAN 06 06 2004 17 34 01 10 50 163 130 206 204 187 25 tepihttp 4676 80 LAN 06 06 2004 17 33 48 10 50 163 130 206 204 187 25 tephttp 4676 80 LAN 06 06 2004 17 31 34 10 50 163 129 192 168 168 110 udp 161 162 LAN 06 06 2004 17 29 34 10 50 163 130 216 148 227 68 udp dns 2275 53 LAN 10 50 163 130 206 204 187 25 tepihttp 4675 80 LAN y a SonicWALL Global Management System SONICWALL 7 ipo fandard Edition 13 Search through the entries to find the information for which you are searching To view the next page of entries click Next 14 To generate another report click Search again in the Log Viewer Tree 142 SonicWALL ViewPoint User s Guide CHAPTER 5 Scheduling SonicWALL ViewPoint SonicWALL ViewPoint can automatically send reports to any e mail addresses that you specify To view currently scheduled reports or configure new reports follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Configuration tree and click Schedu
116. icWALL ViewPoint 143 Scheduling a Daily Report By default daily reports are sent out once a day at 03 00 GMT and contain information for the previous day To change when they are sent see Configuring Email Archive Settings on page 22 To configure a new daily report follow these steps 1 From the Scheduled Reports page click the Add Daily Report button The Daily Reports page appears Figure 155 Figure 155 Daily Reports Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Om O HAG Pwo ferme Sue E SORA ss https 10 0 14 158 sgms auth P search web g Paseank Eh 847 blocked YE AutoFill Pa Options A svidfwoo Scheduled Reports use 5 Single Day EMail Report Configuration Heese imail sonicwall com oona 000661020738 SONICWALL i i SonicWALL ViewPoint 5 Done Internet 2 Enter a name for the report in the Scheduled Report Name field 3 To send the report select the Email check box 4 By default the SonicWALL ViewPoint will use the Simple Mail Transfer Protocol SMTP server that was specified during installation To change it enter the IP address or hostname of the SMTP server in the SMTP Server Address field 5 Enter the Destination e mail addresses in the Destination Email Addresses field Make sure each e mail address is separated by a semicolon 6 By default SonicWALL ViewPoint will use the e mail address of
117. icWALL ViewPoint displays the report for the selected day Viewing the Attacks by Category The Attacks by Category report displays the attacks that occurred on the specified date sorted by category To view the Attacks by Category report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Attacks tree and click By Category The By Category page appears Figure 114 110 SonicWALL ViewPoint User s Guide Figure 114 By Category Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD Pear rons Que O O CaBWIOLE Address https 4 10 0 14 156 sgms auth GS Searchweb go PageRank Eh e47 blocked E autoni E Pa Options A eports svidfwo0 By Category user Summary of Attacks by Category for June 27 2004 BH Enea a oon IPS Prevention Alert P2P Outbound GNUTella client request G SONICWALL i SonicWALL ViewPoint a Opening page https 10 0 14 158 sqms reportcontrol action showPage amp page reports topTenReport jsp amp report_id 240Mevel 38node_id Internet 5 The pie chart displays the percentage of each type of attack To view source and destination information on the individual attacks expand the category tree indicated by a sign 6 The table contains the following information e Type the type of attack e Attacks number of attacks e of Attacks
118. icrosoft Internet Explorer File Edit View Favorites Tools Help Q OAD Pear rons Que O 2 SBA Address https 4 10 0 14 156 sgms auth GS Searchweb go PageRank Eh e47 blocked E auon E Fa Options A eport gateway sonicwall com Top Sites user admin Logout Top Filtered Web Sites for June 27 2004 settings Ga A V 4 OC E Bee o 100 0 100 0 o Report produced for timezone Pacific Time US amp Canada SONICWALL fered SonicWALL ViewPoint Done a Internet al 5 The graph provides a display of the number of access attempts for each of the top twenty blocked web sites 6 The table contains the following information e Site URL or IP address of the site e Attempts number of attempts e of Attempts percentage of attempts to access the blocked site compared to all other blocked site attempts For example if 500 attempts were made during the day and 100 of those attempts were for www badsite com its of Attempts field will display 20 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 67 Viewing Reports 71 Figure 67 Report Settings Dialog Box a Report Settings Micro a SONICWALL Report Display Settings 4 5 6 7 11 12 13 4 k 18 19 20 21 26 27 28 8 Select the type of chart to display from the View Settings area 9 Select the year month and day that you w
119. iewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Bandwidth tree and click Top Users Over Time The Top Users Over Time page appears Figure 40 Figure 40 Top Users Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A QD Osh se ravortes Aua O 2 SUDA Address https 10 0 14 158 sams auth Links v BPsearch web go PageRank Fh 847 blocked fe auton E fajoptions 5 MyReportsview gateway sonicwall com Top Users Over Time user admin Logout pe gateway sonicwall com j MyGateway Lm MyTzw Top Users of Bandwidth from June 22 2004 to June 27 2004 Staal sviOfw00 E oon WY H MBytes svl0winsO0 sv us sonicwall com 19163 588 svi0dc00 sv us sonicwall com 4071 902 svi0dc01 sv us sonicwall com 1920 323 us0exb01 us sonicwall com 1611 899 Ba oe og G us0exb02 us sonicwall com 1502 966 svprint1 sv us sonicwall com 915 276 mmenke 7103 sv us sonicwall com Beer SONICWALL cel SonicWALL ViewPoint Done internet 5 The pie chart displays the percentage of bandwidth transferred by each user 6 The table contains the following information e Users the IP address of the user e Connections number of events or hits e MBytes number of megabytes e of MBytes percentage of megabytes transferred by this user compared to all users For example if 1000
120. iewPoint The ViewPoint page appears 3 4 5 Enter the ViewPoint License Key provided by mysonicwall com in the Enter Upgrade Key field Click Apply Restart the SonicWALL for the change to take effect Installing SonicWALL ViewPoint 19 20 SonicWALL ViewPoint User s Guide CHAPTER 3 Configuring ViewPoint This chapter describes configure SonicWALL ViewPoint Select from the following e To configure a SonicWALL appliance for SonicWALL ViewPoint see Configuring a SonicWALL Appliance for SonicWALL ViewPoint on page 22 e To configure access settings see Configuring Access to a SonicWALL Appliance on page 23 e To add a SonicWALL appliance to SonicWALL ViewPoint see Adding a SonicWALL Appliance to Son icWALL ViewPoint on page 26 e To delete a SonicWALL appliance from SonicWALL ViewPoint see Deleting SonicWALL Appliances from SonicWALL ViewPoint on page 27 e To modify a SonicWALL appliance s settings see Modifying Settings for a SonicWALL Appliance on page 28 e To change the SonicWALL ViewPoint password see Changing ViewPoint Login Password on page 29 e To configure ViewPoint settings see Configuring General ViewPoint Settings on page 31 e To manage ViewPoint sessions see Managing ViewPoint Sessions on page 32 e To configure reporting settings see Configuring Reporting Settings on page 35 Configuring ViewPoint 21 Configuring a SonicWALL Appliance
121. ime displays the daily amount of mail handled by the SonicWALL appliance for the week or month e Mail Usage Top Users Over Time displays the top Mail users for the week or month e Attacks Over Time displays the daily number of attacks attempted during the week or month e Attacks Categories Over Time displays the attacks that occurred during the week or month sorted by category e Attacks Sources Over Time displays the top sources of attacks during the week or month e Attacks Errors and Exceptions Over Time number of errors and exceptions on the SonicWALL appli ance during the week or month e VPN Usage Over Time displays daily number of VPN connections during the week or month e VPN Usage Top Users Over Time displays the users who used the most VPN bandwidth during the week or month e Drop Packets Over Time displays the number of packet errors during the week or month e VPN By Policy Over Time displays VPN usage by policy during the week or month e Intrusions Over Time number of intrusions attempted on the SonicWALL appliance during the week or month e Intrusions By Categories Over Time displays the intrusion attempts that occurred during the week or month sorted by category e Intrusions By Sources Over Time displays the top source that generated intrusion attempts during the week or month e Intrusions By Destinatons Over Time displays the top destinations that generated intrusion attempts dur
122. indicated by a sign 6 The table contains the following information e Source source of the attack e Attacks number of attacks e of Attacks percentage of attacks from this source compared to other sources For example if 2 000 attacks occurred during the time period and 1 000 attacks occurred from a source its of Attacks field will display 50 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 123 118 SonicWALL ViewPoint User s Guide Figure 125 Report Settings Dialog Box ViewPoint Date Range Selector X SONICWALL May 11 2004 May 10 2004 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Errors Over Time The Errors Over Time report displays the number of errors during the specified time period To view the Errors Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select t
123. ing the week or month 19 When you are finished click Add The new report will appear in the list on the Scheduled Reports page Scheduling SonicWALL ViewPoint 147 148 SonicWALL ViewPoint User s Guide APPENDIX A Technical Tips Uninstalling the ViewPoint Web Server from the DOS Prompt To uninstall the SonicWALL ViewPoint Web Server from the DOS prompt change to the lt sgms_directory gt Tom cat bin directory and enter the following command service uninstall ViewPoint Web Server Changing the ViewPoint Web Server Port Number During installation you can specify a different port number for the ViewPoint Web Server To do so follow these steps 1 Open the following file lt viewpoint_directory gt Tomcat conf server xml 2 Locate the following line Parameter name port value 80 3 Change the default value of 80 to another port number 4 Save the file and exit Changing the SonicWALL ViewPoint IP Address If you changed the IP address of the SonicWALL ViewPoint server follow these steps 1 Stop all SonicWALL ViewPoint services 2 Execute the following SQL commands from a DOS window osql U lt userid gt P lt password gt Q update sgmsdb dbo schedulers set ipAddress new ip where ipAddress old ip 3 Restart all SonicWALL ViewPoint services Changing the Default Syslog Server Port Number By default the SonicWALL ViewPoint syslog server default port number is 514 on Windows systems To
124. ion enter All 6 To save the changes click Submit General Report Settings To configure SonicWALL ViewPoint settings follow these steps 1 Start and log into SonicWALL ViewPoint Configuring ViewPoint 35 2 Click the Console tab 3 Select a SonicWALL appliance 4 Expand the Reports tree and click Summarizer The Summarizer page appears Figure 26 Figure 26 Summarizer Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q ex Q x a EA JO search J Favortes QD meda O 2B Re 3 La a3 B D Address https 10 0 14 158 samsfauth o i T Google j v amp searchweb go PaseFank Eh 847 blocked E O Faotions MyReportsView s l b Summarizer user admin pomm gateway sonicwall com pem MyGateway pam MyTzw Reports Data Summarization Interval Staal svIOF WOO Summarize every 04 V 00 x Log Viewer Settings Next Scheduled Summary Time Summarizer mm dd yyyy hh min Services Summarize Data Immediately Summarize Now Email Archive N Reports Summarization Data for Top Usage Number Of Top Sites a v m Number Of Top Users Al v Number Of Top Sites Per User Al v losize2004 17 vw 37 m update Days to store Summarized Reports data in Database Days To Store Summarized Data 30 update Delete Syslog Data Daily at 00 15 x update J te Delete Summarized Data For mm dd yyyy update J Summarized Reports Data Available Foll
125. ive login session Viewing Intrusions by Destination Over Time The Destinations Over Time report displays the top destinations from which intrustions were attempted during the specified time period To view the Destinations Over Time report follow these steps l 5 6 7 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 4 Expand the Intrusion Prevention tree and click Destinations Over Time The Destinations Over Time page Select the global icon a group or a SonicWALL appliance appears Figure 140 Figure 140 Destinations Over Time Page i SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Om O h A GD owe gerne San O 2 SBIOLE Address https 10 0 14 158 sqms auth PageRank Fh 847 blocked E 4 svidfwo0 Destinations Over Time user admin Intrusions by Destination from June 22 2004 to June 27 2004 7 SERRE a a ES Bao en eas a Destination Intrusions of Intrusions svi0dc00 sv us sonicwall com 10 0 92 2 usDexb02 us sonicwall com gx15003039 sv us sonicwall com 10 50 8 10 svi0de01 sv us sonicwall com naveent sv us sonicwall com 10 0 30 49 SONICWALL The bar graph displays the number of attacks attempted each day of the specified time period The table contains the following information e Destination IP address or hostname of the destination e Intrusions number of intrusions
126. ization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Attacks by Category Over Time The Categories Over Time report displays the number of attacks in each attack category during the specified time period To view the Categories Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the Attacks tree and click Categories Over Time The Categories Over Time page appears Figure 122 116 SonicWALL ViewPoint User s Guide Figure 122 Categories Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD Pear rons Que O 2 CaWIOLE Address https 4 10 0 14 156 sgms auth svidfwo0 Categories Over Ti Top Attacks from June 22 2004 to June 27 2004 Pa BH Enea a IP spoof dropped 33 Source Destination 192 168 40 40 63 241 60 70 192 168 11 31 10 50 175 255 192 168 11 30 10 50 175 255 172141 2 216 23 181 206 oon G 192 168 168 169 192 43 244 18 192 168 11 99 10 50 175 255 SONICWALL
127. ized management of a SonicWALL appliance To view the Admin Login report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Authentication tree and click Admin Login The Admin Login page appears Figure 148 Viewing Reports 137 Figure 148 Admin Login Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help QG X BD Psat Ye ross Aua O Z SISOS E Address https 10 0 14 158sqmsfauth JPE g PaseRank fh 847 blocked FE sutor E Ea options sviofw00 Admin Login Logout a Admin Logins for June 27 2004 settings J cap Displaying records 1 3 of 3 ono nog 11 54 41 on Report produced for timezone Pacific Time US amp Canada oo SONICWALL SonicWALL ViewPoint 5 The table contains the following information e User the user name e Time time the user logged in 6 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 149 Figure 149 Report Settings Dialog Box a Report Settings Micro E SONICWALL Report Display Settings Select Report Date k b 4 5 6 F ho 41 12 13 14 17 18 19 20 21 24 25 2 27 28 300 31 7 Select the type of chart to display from the View Settings area 8 Select the year month and day that you would like to
128. k Settings The Reporting Date Range Selector dialog box appears Figure 79 80 SonicWALL ViewPoint User s Guide Figure 79 Report Settings Dialog Box A ViewPoint Date Range Selector X SONICWALL 7 Select whether to display a chart and table or a table only 8 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 9 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Reports 81 Viewing File Transfer Protocol Reports FTP usage reports provide information on the amount of FTP usage that occurs through the selected SonicWALL appliance s FTP usage reports can be used to view FTP bandwidth usage by the hour day or over a period of days Addition ally you can view the top users of FTP bandwidth General bandwidth reports do not always provide a complete picture of network bandwidth usage If a large amount of FTP traffic occurs during peak times you might need more bandwidth you might need to upgrade network equipment or you might ask employees to use compression or transfer large files during non peak times Note All reports appear in the Firewalls time zo
129. k Submit To save all information enter All Summarized data consumes approximately one kilobyte of information per SonicWALL appliance per day Make sure the database is large enough to accommodate the number of days that you choose 11 The Summary Data Available Until field displays when the data was last summarized To re summarize any data enter a date and time and click Update Adding a Service SonicWALL ViewPoint can monitor known services or custom services To add a service that will be displayed in the services reports follow these steps 36 SonicWALL ViewPoint User s Guide 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Expand the Reports tree and click Services The Services page appears Figure 27 Figure 27 Services Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q xk gt x BEA JO search Sie Favortes Media amp 2 e B B amp M Address https 10 0 14 158 sams auth a Ss wR Search web g PageRank Dh s47 blocked FE autoril E Fa options Services user admin Logout v Ed Go Links amp MyReportsView ii gateway sonicwall com pem MyGateway Ready Services for SonicWALLs tea F Add a known service Custom Service v Services Available For Summarization og Viewer Settings L e Authentication 113 6 ome i ForS Name Service DNS 53 17 Add a custom service Enhanced TV 9000 6 Email Archive
130. le names Table 2 Report File Elements Element Element Parameter Default Value Main body background color body bgcolor 95B5CD light blue Banner background color bgcolor 071F4F dark blue Banner border color bordercolor 000000 black Logo image img src images mainLogo2 gif Logo image link href http www sonicwall com Logo image size width and height 200 and 73 respectively Logo image name alt SonicWALL Logo Logo image background color bgcolor FFFFFF white Banner title SonicWALL ViewPoint Banner title font type font face Verdana Arial Helvetica sans serif Banner title font size font size 2 Banner title font color font color 000000 black Banner text unit report Scheduled Report for SonicWALL appliance at IP address Banner text group report Scheduled Report for SonicWALL Group Banner text font type font face Verdana Arial Helvetica sans serif Banner text font size font size 1 Banner text font color font color 000000 black Name bar background color Bgcolor 0C2C56 Name bar text For example Web Usage Top Sites By User for Bandwidth Over Time from Overtime from Bandwidth Summary for Name bar text font type font face Verdana Arial Helvetica sans serif Name bar text font size font size 1 Name bar text font color font color FFFFFF white Chart background color setChartBackground FFFFFF white Chart plot color setPlotAreaBackground Varies for each report Timezone text Report produc
131. led Reports The Scheduled Reports page appears Figure 154 Figure 154 Scheduled Reports Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa O x A CD _P search She Favortes P meio 2 2 B BW B Q Address https 10 0 14 158 sqmsjauth Eeo Links v BBsearchwWeb go PageRank Eh 847 blocked E Faoptions sviofw00 Scheduled Reports user admin Logout MyReportsView previ gateway sonicwall com poll MyGateway peel MyTzw Sow tl svIO FOO x gt 3 4 Add Additional Scheduled Reports Summary of Scheduled Reports XML Format iim Unit Daily Reports gt SONICWALL el SonicWALL ViewPoint 5 The Scheduled Reports page contains a list of currently scheduled reports To edit a report select its radio but ton and click Edit To delete a report select its radio button and click Delete 6 To e mail a currently scheduled report now click E mail Reports Now Note Scheduled reports will send data for the previous day week or month If you click E mail Reports Now information for the current period will be reported based on the most recently summarized data This will not affect the normally scheduled report Select from the following e To create a new daily report see Scheduling a Daily Report on page 144 e To create a new weekly or monthly report see Scheduling a Weekly or Monthly Report on page 146 Scheduling Son
132. lert Settings Managing ViewPoint Sessions Configuring Email Alert Setting Notifications Configuring Reporting Settings Configuring Log Viewer Settings General Report Settings Adding a Service Configuring Email Archive Settings Chapter 4 Viewing Reports Viewing Status Reports Viewing the Status Summary Report Viewing Status Over Time Viewing Bandwidth Reports Viewing the Bandwidth Summary Report Monitoring Bandwidth Usage in Real Time Viewing the Top Users of Bandwidth Viewing Bandwidth Usage Over Time Viewing the Top Users of Bandwidth Over Time Viewing Service Usage Reports Monitoring Service Usage in Real Time Viewing the Services Summary Report 23 26 27 28 29 29 29 31 31 31 32 33 35 35 35 36 37 39 39 39 41 42 42 44 44 46 48 50 50 51 Adding a Service 52 Viewing Web Usage Reports 54 Viewing the Web Usage Summary Report 54 Viewing the Top Web Sites 56 Viewing the Top Users of Web Bandwidth 57 Viewing Web Usage by User 59 Viewing Web Usage by Site 61 Viewing Web Usage Over Time 62 Viewing Top Sites Over Time 64 Viewing Top Users Over Time 65 Viewing Bandwidth Usage By User Over Time 67 Viewing Web Filter Reports 69 Viewing the Web Filter Summary Report 69 Viewing the Web Filter Top Sites Report 71 Viewing the Top Users that Try to Access Blocked Sites 72 Viewing the Top Blocked Sites for Each User 74 Viewing Blocked Site Attempts Over Time 75 Viewing the Top Blocked Site Attempts Over Time
133. line check box To send the file as an email attachment make sure this check box is deselected Note Reports can only be sent inline when all data is sent in a single report 10 To archive the file on the server s hard disk select the Archive check box and enter a path in the Save Direc tory field Specify the directory where the file will be archive in the Save Directory field 11 Select whether the report will be sent Weekly or Monthly 12 Optional To specify a specific date enter the date in the Report Date field 13 If you are using custom reports specify the folder location of the template files in the Template Folder Name field For more information see Appendix B Customized Reports 14 To compress the reports into a single file select the Zip Reports into a single file check box 146 SonicWALL ViewPoint User s Guide 15 To include all of the data in a single report select the Include all data in a single report check box 16 To password protect the Zip file select the Password Protect the Zip File check box and enter the password in the Password field 17 To only display data for a specified group of web sites or users enter the URL of each site and username of each user separated by commas in the User Server Filter field Because this field uses pattern matching entries such as yahoo com will display data for mail yahoo com and shopping yahoo com Entries such as john will display data for j
134. ll com 2917 Total 100 0 u Report produced for timezone Pacific Time US amp Canada SONICWALL i SonicWALL ViewPoint 5 The pie chart displays the top users with the most blocked site attempts 6 The table contains the following information e Users the IP address of the user e Attempts number of attempts e of Attempts percentage of attempts to access the blocked site compared to all other user attempts For example if 500 attempts were made during the period and 250 of those attempts were made by a single user his of Attempts field will display 50 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 77 Figure 77 Report Settings Dialog Box e ViewPoint Date Range Selector T SONICWALL 8 Select whether to display a chart and table or a table only Viewing Reports 79 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Blocked Sites for Each User Over Time The Web Filter By User report displays the top
135. ll stay in effect for all similar reports during your active login session Top Intrusions The Top Intrusions report displays the types of intrustions that occurred on the specified date To view the Top Intrusions report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Intrusion Prevention tree and click Top Intrusions The Top Intrusions page appears Figure 134 126 SonicWALL ViewPoint User s Guide Figure 134 Top Intrusions Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q a A E Psh Yerevetes Qua O 2 SRIOSE Address https 4 10 0 14 156 sgms auth GS Search web go PageRank Eh 47 blocked E suori E fal Options A MyReports View al sviofw00 Top Intrusions user admin lll gateway sonicwall com Top Intrusions for June 27 2004 BOEnEaeaS 6 of Intrusions 7327 100 0 Intrusions of Attacks Intrusions IPS Detection Alert ICMP Echo Reply 2502 341 SID 316 IPS Prevention Alert P2P Outbound GNUTella client SONICWALL Fel SonicWALL ViewPoint 5 The pie chart displays the percentage of each type of intrusion attempt To view source and destination informa tion on the individual intrusion attempts expand the category tree indicated by a sign 6 The table contains the following information e Category the type of intrusion Int
136. lorer File Edit View Favorites Tools Help Q O h AQ Pear grons Que O 2 SGUD Address https 10 0 14 158 sgms auth B MyReportsView gateway sonicwall com MyGateway Bo ene o oo oon E 10 50 162 129 kwokna2 sv us sonicwall com gharidas 7085 sv us sonicwall com 10 0 67 92 svi0mon00 s us sonicwall com 100 0 SonicWALL ViewPoint 5 The pie chart displays the percentage of mail sent and received by the top mail users The table contains the following information e Users the IP address of the user e Events number of mail messages sent and received e KBytes number of kilobytes transferred e of KBytes percentage of kilobytes transferred by this user compared to all users For example if 10000 kilobytes of data was transferred during the day and 2000 kilobytes was transferred by the top user the of KBytes field will display 20 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top users To change these set tings click Settings The Report Settings dialog box appears Figure 91 Viewing Reports 91 Figure 91 Report Settings Dialog Box ViewPoint Settings Microsof AE SONICWALL Report Display Settings Sun Mon Tue wed i 2 B ls 9 ho jis 16 17 22 23 24 ze 29 s0 8 Select the number of users that will be displayed from the Number of Users list box 9 Select the type of char
137. may quit the installer at any time by clicking the Cancel button KA SonicWALL ViewPoint InstallAnywhere by Zaro 5 3 Click Next The License Agreement screen appears Figure 2 Figure 2 License Agreement Screen 2 SonicWALL ViewPoint 2 8 Installation and Use of SonicWALL ViewPoint 2 8 Requires Acceptance of the Following License Agreement Software License Agreement For SonicWall VIEWPOINT H Software License Agreement ae Thi gt Q This Sofware License Agreement SLA is a legal agreement between you and SonicWALL Inc SonicWALL for the SonicWALL software product identified above which includes SonicWAI computer software and any and all associated media printed materials and online or electronic documentation SOFTWARE ViewPoint PRODUCT By opening the sealed package s installing or otherwise using the SOFTWARE PRODUCT you agree to be bound by the terms OJ l do NOT accept the terms of the License Agreement 4 Select from the following e To accept the terms of the license agreement select I accept the terms of the License Agreement and click Next The Choose Install Folder screen appears Figure 3 e To not accept the terms select I do NOT accept the terms of the License Agreement and click Next The SonicWALL ViewPoint installation program closes and the product will not install Installing SonicWALL ViewPoint 15 Figure 3 Choose
138. mber of mail events e KBytes number of kilobytes transferred e of KBytes percentage of kilobytes transferred during this hour compared to the day For example if 10 000 kilobytes of mail was transferred during the day and 1 000 kilobytes was transferred at the 12 00 time period the of KBytes field will display 10 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 89 Figure 89 Report Settings Dialog Box a Report Settings Micro E x SONICWALL Report Display Settings Select Report Date vT 2008 v Wed Thu Fri 5 6 7 12 13 14 19 20 21 26 27 28 8 Select the type of chart to display from the View Settings area 9 Select the year month and day that you would like to view 90 SonicWALL ViewPoint User s Guide 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Viewing the Top Users of Mail Bandwidth The Top Users report displays the users who sent and received the most mail on the specified date To view the Top Users report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 4 Expand the Mail Usage tree and click Top Users The Top Users page appears Figure 90 Select a SonicWALL appliance Figure 90 Top Users Page SonicWALL ViewPoint Microsoft Internet Exp
139. megabytes of data was transferred during this period and 200 megabytes was transferred by the top user the of MBytes field will display 20 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears 48 SonicWALL ViewPoint User s Guide Figure 41 Report Settings Dialog Box A ViewPoint Date Range Selector amp 2004 2004 2004 2004 2004 2004 2004 2004 Select Users comma separated Generate Report Close 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 To display a limited group of users enter the user IDs in the Select Users field and separate each entry with a comma Note This field does not use pattern matching For example john will not match john_smith john42 or big john 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Reports 49 Viewing Service Usage Reports Service reports provide information on the amount of data transmitted through the selected SonicWALL appliance by each
140. ment export approval licensing Failure to strictly comply with this provision shall automatically invalidate this License LICENSE SonicWALL grants you a non exclusive license to use the SOFTWARE PRODUCT for a number of SonicWALL Internet Security Appliances This number is specified and shipped with the SOFTWARE PRODUCT Support for additional SonicWALL Internet Security Appliances is subject to a separate upgrade license OEM If the SOFTWARE PRODUCT is modified and enhanced for a SonicWALL OEM partner you must adhere to the software license agreement of the SonicWALL OEM partner UPGRADES If the SOFTWARE PRODUCT is labeled as an upgrade you must be properly licensed to use a product identified by SonicWALL as being eligible for the upgrade in order to use the SOFTWARE PRODUCT A SOFTWARE PRODUCT labeled as an upgrade replaces and or supplements the product that formed the basis for your eligibility for the upgrade You may use the resulting upgraded product only in accordance with the terms of this SLA If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs that you licensed as a single product the SOFTWARE PRODUCT may be used and transferred only as part of that single product pack age and may not be separated for use on more than one computer DISTRIBUTION RIGHTS To i net SPRINTAO 2000 DRIVER SonicWALL has been given a non exclusive worldwide license by i net soft ware GmbH to distribute directly a
141. mith john42 or big john 11 When you are finished click Close SonicWALL ViewPoint refreshes the report based on the selected settings Note These settings will stay in effect for all similar reports during your active login session Viewing Web Usage by Site The By Site report displays a list of all sites the users that accessed the sites the number of hits to each site and the amount of data transferred To view the By Site report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Usage tree and click By Site The By Site page appears Figure 54 Figure 54 By Site Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help OQ x A CD seach Favos Ami O R https 10 0 14 158 sgms auth QP Search web ge PageRank Eh 847 blocked 5 D 5 Logout ooon Top Visited Web Sites By Site for June 27 2004 settings J cg Hem sviOftwOO Displaying records 1 2 of 2 Site User licensemanager sonic svl0fw02 sv us sonicwall com software sonicwall c svi0fw02 sv us sonicwall com Report produced for timezone Pacific Time US amp Canada B SONICWALL i SonicWALL ViewPoint 5 The table contains the following information e Site the URL of the site e User the top users that visited the site default 10 e Hits number of hits to the web site
142. n Failed Peer CONFIG Client VPN request but no policy from No client group defined ISAKMP cannot be initiated Peer IPSEC Normal Session lifetime has expired for Peer IPSEC SA lifetime expired Peer COMFIG No policy defined for Peer ISAKMP responder No PDE defined for Client or server Peer Cannot find ISAKMP authentication preshared key CONFIG Cannot find preshared key No conn entry with message ID to verify QM SYSTEM ERROR Lost state of IPSEC rekey will reset ISAKMP Responder could not find gateway MAC address SYSTEM ERROR IKE Could not find gateway MAC address Bad IPSEC protocol transform COMFIG Bad IPSEC protocol transform DHCP Received request to send DHCP records from 165 Received request to send DHCP records Internal error client hash table has bad flag SYSTEM ERROR Watch for reoccurrence Client Table corrupted Bad DES transform COMFIG IKE Bad DES transform COMFIG IKE Found inconsistent transform ISAKMP Responder found inconsistent transforms CONFIG IKE Unsupported payload type IPSEC Session rekey failed Quick Mode processing failed IKE SA lifetime expired with Peer ISAKMP SA lifetime expired Peer IKE Received Keep alive packet IKE Discard out of sequence packet Peer CONFIG extra proposals after AH and ESP
143. n abnormal interrupt Tunnel Status VPN Performance for PDE Sent Rcvd Lost Min Max Avg 170 SonicWALL ViewPoint User s Guide
144. n rons Que O 2 CaWIOLE Address https 4 10 0 14 156 sgms auth MyReportsView sviofw00 Summary user admin ml gateway sonicwall com VPN Usage Summary for June 27 2004 BREE ene a oono o SONICWALL Poel SonicWALL ViewPoint 5 The bar graph displays the number of VPN connections made during each hour of the day 6 The table contains the following information e Hour when the sample was taken e Connections number of VPN connections e of Connections percentage of VPN connections during this hour compared to the day For example if 10 000 connections occurred during the day and 1 000 connections occurred during the 2 00 time period the of Connections field will display 10 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 97 Figure 97 Report Settings Dialog Box a Report Settings Micro E x SONICWALL Report Display Settings 8 Select the type of chart to display from the View Settings area 9 Select the year month and day that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Viewing Reports 97 Viewing the Top VPN Users The Top Users report displays the users who made the most VPN connections on the specified date To view the Top Users
145. nd indirectly through SonicWALL s distribution channels the i net SPRINTAO 2000 driver to SonicWALL s end user customers to use the driver with SonicWALL ViewPoint SonicWALL s end user customers may make a copy of the driver for backup or archival purposes only SonicWALL s end user cus tomers are not allowed to make other copies transfer re distribute use translate or reverse assemble compile the driver with any other non SonicWALL applications i net software GmbH holds copyright and title to the i net SPRINTAO 2000 Driver To Microsoft s SQL Server Developer s Edition MSDE This software incorporates Microsoft s SQL Server Developer s Edition MSDE and your use is subject to the terms and conditions of Microsoft s MSDE End User License Agreement a copy of which is available on Microsoft s website lt http www microsoft com sql howto buy deveula asp gt To Quest Software s formerly Sitraka JClass ServerChart This software incorporates Quest Software s formerly Sitraka JClass ServerChart and your use is subject to the terms and conditions of Quest s Jclass License Agreement a copy of which is available on Quest s website lt http java quest com jclass licensing shtm gt SUPPORT SERVICES SonicWALL may provide you with support services related to the SOFTWARE PRODUCT Support Services Use of Support Services is governed by the SonicWALL policies and programs described in the user manual in online documenta
146. ne Select from the following e To view a summary of the daily FTP bandwidth usage see Viewing the FTP Summary Report on page 82 e To view the users who consume the most FTP bandwidth see Viewing the Top Users of FTP Bandwidth on page 83 e To view FTP bandwidth usage over a period of time see Viewing FTP Bandwidth Usage Over Time on page 85 e To view the users who consume the most FTP bandwidth over time see Viewing FTP Bandwidth Usage Over Time on page 85 Viewing the FTP Summary Report The FTP Summary report contains information on the amount of FTP bandwidth handled by a SonicWALL appli ance or group of SonicWALL appliances during the specified day To view the FTP Summary report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the FTP Usage tree and click Summary The Summary page appears Figure 80 Figure 80 Summary Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A QD Osh she ravortes Aui O e Lia Jes Address https 10 0 14 158 sqms auth v BPsearchweb ge PageRank Kh 847 blocked E O Palontins A Ee D 3 MyReports View rts A svidfwoo Summary user admin pe gateway sonicwall com i MyGateway a MyTzw im svIOfWOO FTP Usage for June 27 2004 Hence o gog non B 01 00 02 00 03 00 0
147. ne or more SonicWALL appliances e Log Viewer SonicWALL ViewPoint includes the Log Viewer to search the database for a specific firewall activity type e Top Usage Reports SonicWALL ViewPoint includes a large range of reports that display the top sites top users and top sites per user e Concurrent login sessions Multiple users and administrators can log into SonicWALL ViewPoint concur rently e Syslog reporting SonicWALL ViewPoint generates reports based on the stream of syslog data received from each SonicWALL appliance e Embedded MSDE database SonicWALL ViewPoint installs MSDE database to store raw and summarized syslog traffic from each SonicWALL appliance e Supports Windows 2000 Professional and Windows XP Professional SonicWALL ViewPoint software can be installed on a Windows server that is located on the SonicWALL appliance s LAN or WAN network e Supports most SonicWALL Internet Security Appliances SonicWALL ViewPoint supports 2nd and 3rd generation SonicWALL appliances including the new SonicWALL Wireless product e SonicWALL firmware SonicWALL ViewPoint supports SonicWALL appliances running firmware 6 3 1 4 and above and SonicWALL Wireless product running SonicOS 1 0 and above Introducing SonicWALL ViewPoint 11 12 SonicWALL ViewPoint User s Guide CHAPTER 2 Installing SonicWALL ViewPoint This chapter describes how to install or upgrade SonicWALL ViewPoint To install SonicWALL ViewPoint complete th
148. ng the Intrusion Prevention Summary Report The Attack Summary report contains information on the number of attempted intrusions on a SonicWALL appli ance or group of SonicWALL appliances during the specified day To view the IPS Summary report follow these steps 1 2 3 5 Start and log into SonicWALL ViewPoint Click the Reports tab Select the global icon a group or a SonicWALL appliance Expand the Intrusion Prevention tree and click Summary The Summary page appears Figure 128 Figure 128 Summary Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q sx Q x a JO search Sie Favorites Media B A E Address https 10 0 14 158 sgms auth Ee D 3 a au svidfwoo Summary user admin Intrusion Summary for June 27 2004 Hae en eos of Intrusions SONICWALL Pon SonicWALL ViewPoint Done Internet The bar graph displays the number of intrusions attempted during each hour of the day The table contains the following information e Hour when the sample was taken e Attacks number of intrusion attempts e of Attacks percentage of intrusions during this hour compared to the day For example if 1 000 intru sions occurred during the day and 100 intrusions occurred during the 2 00 time period the of Intrusions field will display 10 122 SonicWALL ViewPoint User s Guide 6 SonicWALL
149. nto SonicWALL ViewPoint The Status page appears Figure 16 Figure 16 Status Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q sak Q x a A JO search She Favorites Media B amp E i a B M ess https 10 0 14 158 sgms auth O Bdontions Bi MyReportsView sports user admin Logout H gateway sonicwall com Refresh Add Unit Modify Unit Delete Unit Node g ALL Mot SonicWALL PRO 2040 Serial Number 000661110750 Firmware Version SonicOS Standard 2 2 0 0 acific Time US amp Canada lot Licensed Ca ee goo oo Getting Started With ViewPoint V SONICWALL 5 SonicWALL ViewPoint 2 Select a unit in the left pane of the SonicWALL ViewPoint UI 3 Right click the unit and select Delete Unit from the pop up menu You are prompted to confirm the deletion 4 Click Yes The SonicWALL appliance disappears from the left pane of the SonicWALL ViewPoint UI and will be deleted from the ViewPoint database Configuring ViewPoint 27 Modifying Settings for a SonicWALL Appliance To change the settings of a SonicWALL appliance whether you are changing the IP address password or other set tings follow these steps 1 Start and log into SonicWALL ViewPoint The Status page appears Figure 17 Figure 17 Status Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q ex Q x a G
150. o consume the most VPN bandwidth see Viewing the Top VPN Users on page 98 e To view VPN bandwidth usage over a period of time see Viewing VPN Usage Over Time on page 99 e To view the users who consume the most VPN bandwidth over time see Viewing VPN Usage Over Time on page 99 e To view the users who consume the most VPN bandwidth over time see Viewing the Top VPN Users Over Time on page 101 e To view VPN usage by policy see Viewing VPN Usage by Policy on page 102 e To view VPN usage by policy over time see Viewing the Top VPN Policies Over Time on page 104 e To view hourly VPN usage by policy see Viewing Hourly VPN Usage by Policy on page 105 e To view VPN services usage see Viewing the VPN Services Summary Report on page 107 Viewing the VPN Usage Summary Report The VPN Usage Summary report contains information on the number of VPN connections made through a SonicWALL appliance or group of SonicWALL appliances during the specified day To view the VPN Usage Summary report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the VPN Usage tree and click Summary The Summary page appears Figure 96 96 SonicWALL ViewPoint User s Guide Figure 96 Summary Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD As
151. obal icon a group or a SonicWALL appliance 4 Expand the FTP Usage tree and click Over Time The Over Time page appears Figure 84 Viewing Reports 85 Figure 84 Over Time Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help O O HAO Paw ferme Our OE SBO Address https 10 0 14 158 sqmsfauth r PSearch Web gS PesRank Gh 847 blocked f autori E Pa options al svidfwo0 Over Time user admin p D J 3 4 A gateway sonicwall com MyGateway MyTzw svi0fwOO a FTP Activity from June 22 2004 to June 27 2004 ooo oa Ba geod B 1103 498 210 007 1219 396 455 38 9 442 SONICWALL o SonicWALL ViewPoint 5 The bar graph displays the amount of FTP bandwidth transferred during each day of the specified time period 6 The table contains the following information e Date when the sample was taken e Connections number of FTP connections e MBytes number of megabytes transferred e of Usage percentage of megabytes transferred during this day compared to the time period For exam ple if 10 000 megabytes of FTP data was transferred during the time period and 2 500 megabytes of FTP data was transferred on one day the of Usage field will display 25 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 85 Figure 85 Report Settings Dialog Box ViewPoin
152. ohnm 123john and so on 18 Select the reports that will be included in the e mail message e Status Over Time displays the status of the SonicWALL appliance for the week or month e Bandwidth Over Time displays the daily amount of traffic handled by the SonicWALL appliance for the week or month e Bandwidth Top Users Over Time displays the top users of bandwitdth handled by the SonicWALL appliance for the week or month e Web Usage Over Time displays the daily amount of HTTP bandwidth handled by the SonicWALL appli ance for the week or month e Web Usage Top Sites Over Time displays the top sites for the week or month e Web Usage Top Users Over Time displays the top users for the week or month e Web Usage By Users Over Time displays the web usage by users for the week or month e Web Filter Over Time displays the number of attempts that were made to access blocked web sites for the week or month e Web Filter Top Sites Over Time displays the top filtered sites for the week or month e Web Filter Top Users Over Time displays the top users trying to access filtered sites for the week or month e Web Filter By Users Over Time displays web filtering by user for the week or month e FTP Usage Over Time displays the daily amount of FTP bandwidth handled by the SonicWALL appli ance for the week or month e FTP Usage Top Users Over Time displays the top FTP users for the week or month e Mail Usage Over T
153. on nection Depending on the amount of traffic this can quickly consume an enormous amount of space in the data base Be very careful when selecting how much raw information to store Configuring Log Viewer Settings To configure Log Viewer settings follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Console tab 3 Select a SonicWALL appliance 4 Expand the Reports tree and click Log Viewer Settings The Log Viewer Settings page appears Figure 25 Figure 25 Log Viewer Settings Page Z SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A QD Preach she ravortes Aua O A SUDA Address https 10 0 14 158 samsjauth y Eco Links Google v amp Searchweb gH PaseFank Eh 847 blocked E A O Palortions A MyReportsView Console Panel 2 Log Viewer Settings user admin Logout pe gateway sonicwall com Ready jp MyGateway Ll MyTzw Data Storage Configuration Stal sviOfw00 Days To Store Raw Data 30 Pas aaea Eaa Note Limiting the number of days to store will increase the overall performance of your ViewPoint system Summarizer and limits the size of the Database Max limit is 2GB Services Email Archive SONICWALL Pan SonicWALL ViewPoint 2 javascript daysrawdatabase_task 5 Specify how many days of raw data SonicWALL ViewPoint will store in the database from the Days To Store Raw Data list box and click Submit To save all informat
154. onicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Om O MAG Powe fero See O ESOO Address https 10 0 14 158 sqmsfauth E30 im al gateway sonicwall com By User n Logout oon x Top Visited Web Sites By User for June 27 2004 Displaying records 1 1 of 1 Hits svi0fw02 sv us sonicwall com Site licensemanager software sonic Report produced for timezone Pacific Time US amp Canada Baoeaag oon SONICWALL i SonicWALL ViewPoint 5 The table contains the following information e User the IP address of the user e Hits number of hits to each web site visited by the user e MBytes number of megabytes transferred 6 To change the display settings click Settings The Report Settings dialog box appears Figure 53 Figure 53 Report Settings Dialog Box a Report Settings Micro ai SONICWALL Report Display Settings Select Users comma separated _Generate Report _ Close 7 Select the number of users that will be displayed from the Number of Users list box 60 SonicWALL ViewPoint User s Guide 8 Select the type of chart from the Chart Type list box 9 Select the year month and day that you would like to view 10 To display a limited group of users enter the user IDs in the Select Users field and separate each entry with a comma Note This field does not use pattern matching For example john will not match john_s
155. onnectionHandler gt lt Parameter name port value 8443 gt lt Parameter name SocketFactory value org apache tomcat net SSLSocketFactory gt lt Connector gt gt 8 Remove the comment characters lt gt 9 Change the port value from 8443 to 443 10 Enter the following lines below the port entry lt Parameter name keypass value keystore password gt lt Parameter name keystore value sgms_directory etc keystore gt lt Parameter name CclientAuth value false gt where keystore password is the keystore password that you entered when creating the certificate and sgms_ directory is the directory where SonicWALL ViewPoint was installed The following is an example of a modified server xml entry lt Connector className org apache tomcat service PoolTcpConnector gt lt Parameter name handler value org apache tomcat service http HttpConnectionHandler gt lt Parameter name port value 443 gt lt Parameter name keypass value sgmsl11 gt lt Parameter name keystore value D SGMS2 etc keystore gt lt Parameter name clientAuth value false gt lt Parameter name sSocketFactory value org apache tomcat net SSLSocketFactory gt lt Connector gt 11 To disallow normal HTTP traffic locate and comment out the following section lt Normal HTTP gt lt Connector className org apache tomcat service PoolTcpConnector gt lt Parameter name handler valu
156. ons user admin a Errors amp Exceptions for June 27 2004 Boao oes eo B G SONICWALL 5 The bar graph displays the packets that were dropped during each hour of the day 6 The table contains the following information Hour when the sample was taken e Packets number of dropped packets e of Packets percentage of packets dropped during this hour compared to the day For example if 1 000 packets were dropped during the day and 100 packets were dropped during the 1 00 time period the of Packets field will display 10 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 119 Figure 119 Report Settings Dialog Box a Report Settings Micro a x SONICWALL Report Display Settings G Select Report Date 8 Select the type of chart to display from the View Settings area 9 Select the year month and day that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day 114 SonicWALL ViewPoint User s Guide Viewing Attack Reports Over Time The Attacks Over Time report displays the daily number of attempted attacks during the specified time period To view the Attacks Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab
157. ools Help a Q X A QD Psn Yeats Sum O 2 SB Address https 10 0 14 158 samsjauth x Bao inks Google v Psearchweb ge PageRank Eh 847 blocked E 4 MyReports View j gateway sonicwall com pe MyGateway pem MyTzw im svIOfwOO E D 2 svidfwoo Summary user admin Logout Attack Summary for June 27 2004 Hea eoge os 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 o SonicWALL ViewPoint m intemet The bar graph displays the number of attacks attempted during each hour of the day The table contains the fol lowing information e Hour when the sample was taken e Attacks number of attack attempts e of Attacks percentage of attacks during this hour compared to the day For example if 1 000 attacks occurred during the day and 100 attacks occurred during the 2 00 time period the of Attacks field will display 10 Viewing Reports 109 6 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 113 Figure 113 Report Settings Dialog Box a Report Settings Micro a x SONICWALL Report Display Settings G Select Report Date 5 6 12 13 20 27 7 Select the type of chart to display from the View Settings area 8 Select the year month and day that you would like to view 9 When you are finished click Close Son
158. or dialog box appears Figure 95 94 SonicWALL ViewPoint User s Guide Figure 95 Report Settings Dialog Box A ViewPoint Date Range Selector X SONICWALL 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Reports 95 Viewing VPN Usage Reports VPN Usage reports provide information on the amount of VPN usage that occurs through the selected SonicWALL appliance s VPN Usage reports can be used to view VPN usage by the hour day or over a period of days Additionally you can view the top users of VPN General bandwidth reports do not always provide a complete picture of network bandwidth usage If a large amount of VPN traffic occurs you might need to add bandwidth upgrade network equipment or reconfigure the VPN net work Note All reports appear in the Firewalls time zone Select from the following e To view a summary of the daily VPN bandwidth usage see Viewing the VPN Usage Summary Report on page 96 e To view the users wh
159. other user attempts For example if 500 attempts were made during the day and 250 of those attempts were made by a single user his of Attempts field will display 50 7 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top users To change these set tings click Settings The Report Settings dialog box appears Figure 69 Figure 69 Report Settings Dialog Box ViewPoint Settings Microsof ES SONICWALL Report Display Settings ma Select Report Date Mon Tue Wed Thu Fri Sat 1 k 4 5 6 ls fs hi h2 f3 15 f6 is i9 fzo 22 23 25 26 27 29 30 8 Select the number of users that will be displayed from the Number of Users list box 9 Select the type of chart from the Chart Type list box 10 Select the year month and day that you would like to view Viewing Reports 73 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Blocked Sites for Each User The Web Filter By User report displays the top blocked web sites that each user attempted to access on the specified date To view the Web Filter By User report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Filter tree and click By User The By User page a
160. ould like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Viewing the Top Users that Try to Access Blocked Sites The Web Filter Top Users report displays the users who made the most attempts to access blocked sites on the spec ified date To view the Top Users report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Filter tree and click Top Users The Top Users page appears Figure 68 72 SonicWALL ViewPoint User s Guide Figure 68 Top Users Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q x BD Power Yerevotes Qua O 2 SRIOSE Address https 10 0 14 158 sqmsfauth GS Search web go PageRank Fh e47 blocked E autor fal Options A al gateway sonicwall com Top Users user admin a Top Filtered Web Sites By User for June 27 2004 ooon Custom List Total 250 100 0 svi0dc00 sv us sonicwall com Ba ogeesce G Report produced for timezone Pacific Time US amp Canada SONICWALL i SonicWALL ViewPoint 5 The pie chart displays the top users with the most blocked site attempts 6 The table contains the following information e Users the IP address of the user e Attempts number of attempts e of Attempts percentage of attempts to access the blocked site compared to all
161. owing is the time the Summarizer completed its last run You can change the settings appropriately to resummarize data for any required days w lt SONICWALL SonicWALL ViewPoint 5 For improved scalability reporting summarization can be distributed among the Agents To enable distributed summarization select the Enable Distributed Summarizer check box 6 Specify how often SonicWALL ViewPoint processes and updates summary information from the Time Between Summaries list box and click Update 7 To specify the next summary time enter a date and time in the Next Scheduled Summary Time field and click Update 8 To update the summary information now click Summarize Data Immediately SonicWALL ViewPoint will automatically process the latest information and make it available for immediate viewing Note This will not affect the normally scheduled updates 9 Configure the following report setting defaults e Select the default number of sites that will be displayed in Top Sites reports from the Number of Top Sites list box e Select the default number of users that will be displayed in Top Users reports from the Number of Top Users list box e Select the default number of sites that will be displayed in Top Sites Per User reports from the Number of Top Sites Per User list box 10 Specify how many days of summarized data the SonicWALL ViewPoint will store in the database from the Days To Store Summarized Data list box and clic
162. p Users report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the FTP Usage tree and click Top Users The Top Users page appears Figure 82 Viewing Reports 83 Figure 82 Top Users Page i SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Ox AOD Pwr erns Que O A SEWIOLE Address https 10 0 14 158 samsjauth svidfwo0 Top Users user admin ao Top Users of FTP for June 27 2004 ao og Ba oeene a 212 203 23 210 6 608 10 0 202 87 4 271 10 50 128 129 1 425 8 5 67 115 116 163 0 669 51 10 50 16 206 0 279 21 10 50 128 200 0 098 07 10 50 128 201 0 093 07 SONICWALL i SonicWALL ViewPoint Done E o a 5 The pie chart displays the percentage of bandwidth used by each user To view the sites visited by each user expand the user s site tree indicated by a sign 6 The table contains the following information e Users the IP address of the user e Events number of FTP Events e KBytes number of kilobytes transferred e of KBytes percentage of kilobytes transferred by this user compared to all users For example if 10000 kilobytes of data was transferred during the day and 2000 kilobytes was transferred by the top user the of KBytes field will display 20 7 By default SonicWALL ViewPoint shows
163. percentage of this type of attack compared to all other attack types For example if 5 000 attacks occurred during the day and the IP Spoof makes up 500 of the attacks its of Attacks field will display 10 7 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top categories To change these settings click Settings The Report Settings dialog box appears Figure 115 Figure 115 Report Settings Dialog Box 3 ViewPoint Settings Microsof i Eg SONICWALL Report Display Settings Mon Tue Thu Fri Sat 1 k 4 5 8 9 1u 12 15 f6 18 f9 22 23 25 26 29 130 8 Select the number of categories that will be displayed from the Number of Categories list box 9 Select the type of chart from the Chart Type list box Viewing Reports 111 10 Select the year month and day that you would like to view 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing the Attacks by Source The Attacks by Source report displays the top sources of attacks To view the Attacks by Source report follow these steps l Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 4 Expand the Attacks tree and click By Source The By Source page appears Figure 116 Select a SonicWALL appliance Figure 116 By Source
164. plication Any replacement SOFTWARE PRODUCT shall be warranted for the remainder of the original warranty period or thirty 30 days whichever is longer Outside of the United States neither these remedies nor any product Support Ser vices offered by SonicWALL are available without proof of purchase from an authorized SonicWALL international reseller or distributor NO OTHER WARRANTIES To the maximum extent permitted by applicable law SonicWALL and its suppliers licensors disclaim all other war ranties and conditions either express or implied including but not limited to implied warranties of merchantabil ity fitness for a particular purpose title and non infringement with regard to the SOFTWARE PRODUCT and the provision of or failure to provide support services This limited warranty gives you specific legal rights You may have others which vary from state jurisdiction to state jurisdiction LIMITATION OF LIABILITY Except for the warranties provided hereunder to the maximum extent permitted by applicable law in no event shall SonicWALL or its suppliers licensors be liable for any special incidental indirect or consequential damages for lost business profits business interruption loss of business information arising out of the use of or inability to use the SOFTWARE PRODUCT or the provision of or failure to provide support services even if SonicWALL has been advised of the possibility of such damages In any case SonicWALL s
165. ppears Figure 70 Figure 70 By User Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q sx ba Q x E EA JO search She Favorites meda O B El m 8 amp Address https 10 0 14 158 sqms auth GP searchwWeb PageRank Eh 847 blocked E utori EJ Fa options A th gateway sonicwall com By User use nin Logout Ee D J gt Top Filtered Sites By User for June 27 2004 settings J cg Displaying records 1 1 of 1 ono e Attempts Category svi0tw02 sv us sonic 335 ooonoononaoon o SONICWALL SonicWALL ViewPoint a e Omera 5 The table contains the following information e User the IP address of the user e Site the top five sites visited by the user e Attempts number of attempts the user made to access each web site 6 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top users To change these set tings click Settings The Report Settings dialog box appears Figure 71 74 SonicWALL ViewPoint User s Guide 7 Select the number of users that will be displayed from the Number of Users list box 8 Select the type of chart from the Chart Type list box 9 Select the year month and day that you would like to view Figure 71 Report Settings Dialog Box ze ViewPoint Settings Microsof Bi Ea SONICWALL Report Display Settings sun Mon Tue Wed Thu Fri Sat 1 2 3 k 5 f
166. r Time Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help OQ x 2 E search Shy Favorites GQ media lt 2 2 eaU s https 10 0 14 158 sgms auth gateway sonicwall com By Users Over Time Top Web Sites By User from June 22 2004 to June 27 2004 Stal svIOfwOO Displaying records 1 1 of 1 Report produced for timezone Pacific Time US amp Canada pnonoonoonn G SONICWALL SonicWALL ViewPoint a internet 5 The table contains the following information e User the IP address of the user e Site the top five sites visited by the user e Hits number of hits to each web site visited by the user e KBytes number of kilobytes transferred 6 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 63 Viewing Reports 67 Figure 63 Report Settings Dialog Box ViewPoint Date Range Selector E E SONICWALL May 5 2004 May 4 2004 May 3 2004 7 Select whether to display a chart and table or a table only 8 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 9 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range
167. r negotiation is invalid CONFIG Timeout Negotiation could not be reached ISAKMP timeout SA data is invalid IKE Starting Session Rekey Peer Start QM Rekey Peer IKE Received request to rekey session with Peer Received QM rekey Peer IKE Resources busy rekey delayed slightly Start rekey later since we initiate ISAKMP one at a time COMFIG Place unit in VPN mode Recv d an encrypted packet when crypto not active Can t create conn entry SYSTEM ERROR Watch for reoccurrence Conn Entry CONFIG Remote end is sending clear traffic Recv d an unencrypted packet when crypto active IKE Negotiation failed No answer received from Peer ISAKMP timeout Retransmission failed Peer IKE Negotiation aborted Payload verification failed Payload verification failed ISAKMP aborted No connection entry SYSTEM ERROR Check policies SYSTEM ERROR Unable to encrypt packet Unable to encrypt payload Can t send request after processing SYSTEM ERROR Packet invalid after processing DHCP Retransmission of DHCP Records failed Peer Retransmission of DHCP Records failed Peer IKE Request to delete IPSEC SA has invalid DOI Invalid DOI in delete message IKE Request to delete IKE SA invalid Invalid ISAKMP SA delete message IKE Request to delete IPSEC SA does not ma
168. r of hours that one or more SonicWALL appliances were online and functional dur ing the time period From this information you can determine find trouble spots within your network For example this report could reveal that a SonicWALL appliance that is having network connectivity issues caused by the ISP Note All reports appear in the Firewalls time zone Select from the following e To view a status summary see Viewing the Status Summary Report on page 39 e To view bandwidth usage over a period of time see Viewing Bandwidth Usage Over Time on page 46 Viewing the Status Summary Report The Status Summary report contains information on the amount of status of a SonicWALL appliance or group of Status appliances during each hour of the specified day To view the Status Summary report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the Status tree and click Summary The Summary page appears Figure 29 Viewing Reports 39 Figure 29 Summary Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Ou O MAD swe kros Gur OELG Address a https 10 0 14 158 sams auth x Go Logout ao ao 10 50 193 50 Pacific Time US amp Canada ViewPoint Not Licensed a Bao o oo G Getting Started With YiewPoint SONICWALL SonicW
169. re 137 Report Settings Dialog Box t ViewPoint Settings Microsof Mi Ea SONICWALL Report Display Settings Sun Mon Tue wed Thu Fri Sat 1 eRe 3 k 5 f ls 9 wo ha n2 f3 fis fe 17 ha n9 fzo a2 23 z4 25 26 27 ze 29 s0 8 Select the number of categories that will be displayed from the Number of Categories list box 9 Select the type of chart from the Chart Type list box 10 Select the year month and day that you would like to view 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing Intrusions Over Time The Over Time report displays the daily number of intrusion attempts during the specified time period To view the Intrusions Over Time report follow these steps 1 2 3 4 Start and log into SonicWALL ViewPoint Click the Reports tab Select the global icon a group or a SonicWALL appliance Expand the Intrusion Prevention tree and click Intrusions Over Time The Intrusions Over Time page appears Figure 138 Viewing Reports 129 Figure 138 Intrusions Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A QD Osh she ravortes Aui O e SDA Address https 4 10 0 14 156 sgms auth D D J 3 4 A svidfwoo Over Time user ad
170. re finished click Update If the SonicWALL appliance is running SonicOS follow these steps 1 2 Log into the SonicWALL appliance Expand the Log tree and click Automation The Automation page appears Figure 9 22 SonicWALL ViewPoint User s Guide Figure 9 Automation Page 44 SonicWALL Administration Microsoft Internet Explorer File Edit View Favorites Tools Help Q gt x A GD Preach Ge Favorites Aui H R G i ttp 10 50 164 65 management htmi Mail Server Name or IP Address Send log to E Mail Address Send alerts to e E Mail Address Firewall Name 0040100F88D1 Name Email Log Now Clear Log Now Anti Virus Syslog Servers High Availability Name or IP Address Port Number Add Syslog Server 514 Delete Syslog Server logot STATUS Ready 3 Enter 0 in the Syslog Individual Event Rate field The Syslog Individual Event Rate field reduces the number of repetitive events that are logged by SonicWALL ViewPoint Although this prevents a log file from being full of repetitive events setting the Syslog Individual Event Rate field to anything other than 0 will result in inaccurate ViewPoint reports 4 Select Default from the Syslog Format list box 5 Click Add in the Server Name section and enter the IP address and port default 514 of the SonicWALL ViewPoint server in the Add Syslog Server fields Then click OK 6 To ensure accurate and complete reporting cli
171. re finished click Update The changes are saved 38 SonicWALL ViewPoint User s Guide CHAPTER 4 Viewing Reports This chapter describes how to generate reports using SonicWALL ViewPoint Select from the following reports e To view status reports see Viewing Status Reports on page 39 e To view general bandwidth usage reports see Viewing Bandwidth Reports on page 42 e To view bandwidth reports by service see Viewing Service Usage Reports on page 50 e To view web usage bandwidth reports see Viewing Web Usage Reports on page 54 e To view reports on the number of attempts that users made to access blocked web sites see Viewing Web Fil ter Reports on page 69 e To view file transfer protocol FTP bandwidth usage reports see Viewing File Transfer Protocol Reports on page 82 e To view mail bandwidth usage reports see Viewing Mail Usage Reports on page 89 e To view virtual private networking VPN reports see Viewing VPN Usage Reports on page 96 e To view reports on attempted attacks see Viewing Attack Reports on page 109 e To view reports on intrusion prevention see Viewing Intrusion Prevention Reports on page 122 e To view detailed logging information see Viewing the Log on page 141 e To view user and administrator authentication reports see Viewing Authentication Reports on page 136 Viewing Status Reports Status reports display the numbe
172. reassignment Peer DHCP IP Delete DHCP record due to unsolicited ARP Peer DHCP IP DHCP Releasing DHCP due to reassignment Peer DHCP IP DHCP Register address for remote user Peer Hostname DHCP IP Register DHCP Client Peer Hostname DHCPIP DHCP Register address for Ravlin Soft user Device IP Hostname VIP Register DHCP Client RIP Hostname VIP ICMP Network Error Received ICMP Unreachable from Received ICMP Destination unreachable IP IP Fragmentation Failed 161 162 IP Fragmentation Failed FW LOG Packet passed in clear Sre Dst Proto DstPort VPN LOG TCP Session Terminated Src Dst DstPort SrcPort VPN LOG TCP Session Initiated Src Dst DstPort SrcPort FW EVENT No ICMP session Pkt dropped Src Dst Interface FW EVENT No UDP session Pkt dropped Src Dst DstPort SrcPort Intf FW EVENT No TCP session Pkt dropped Src Dst DstPort SrePort Intf FW LOG ICMP Session Initiated Src Dst FW LOG ICMP Session Terminated Src Dst FW LOG UDP Session Initiated Src Dst DstPort SrcPort NAT FW LOG UDP Session Terminated Sre Dst DstPort SrcPort NAT FW LOG TCP Session Initiated Src Dst DstPort SrcPort NAT FW LOG TCP Session Terminated Src Dst DstPort SrcPort NAT LCP Conf Req Sent PPP LCP Conf Req Sent LCP Conf Req Revd PPP
173. revention tree and click By Priority The By Priority page appears Figure 136 Select a SonicWALL appliance Figure 136 By Priority Page F SonicWALL ViewPoint Microsoft Internet Explorer DER File Edt View Favorites Tools Help Qa A A QD Osh she ravortes Amui O e SUDA Address 4 https 10 0 14 158 sgms auth Ee D 4 ooon bead og of Intrusions Prevention Alert WEB IIS cmd exe access SID 1309 PS Prevention SONICWALL ro SonicWALL ViewPoint The pie chart displays the percentage of each type of intrusion attempt To view source and destination informa tion on the individual intrusion attempts expand the category tree indicated by a sign The table contains the following information e Priority priority level of the intrusion e Category the type of intrusion e Intrusion name of the intrusion Events number of intrusion attempts e of Intrusions percentage of this type of intrusion compared to all other intrusion types For example if 5 000 intrusion attempts occurred during the day and Web HS cmd exe access attempts makes up 2 000 of the intrusion attempts its of Intrusions field will display 40 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top categories To change these settings click Settings The Report Settings dialog box appears Figure 137 128 SonicWALL ViewPoint User s Guide Figu
174. rt Type list box 10 Select the year month and day that you would like to view Figure 99 Report Settings Dialog Box ze ViewPoint Settings Microsof Hi Ea SONICWALL Report Display Settings sun Mon Tue Wed Thu Fri Sat 1 2 3 k 5 f ls 9 wo ha n2 f3 fis fe 17 ha 19 fzo a2 23 24 25 26 27 ze 29 30 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing VPN Usage Over Time The VPN Usage Over Time report displays the daily number of VPN connections made through a SonicWALL appliance or group of SonicWALL appliances during the specified time period To view the VPN Usage Over Time report follow these steps Start and log into SonicWALL ViewPoint 1 2 3 4 Click the Reports tab Select the global icon a group or a SonicWALL appliance Expand the VPN Usage tree and click Over Time The Over Time page appears Figure 100 Viewing Reports 99 Figure 100 Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help O O BAO Paar kr Gen O 2 BaLDOLE Address a https 10 0 14 158 sgms auth D D J 3 4 A al svidfwoo Over Time user a YPN Activity from June 22 2004 to June 27 2004 ooonon oa Connections oonan o 100 0 SONICWAL
175. rts 101 Figure 103 Report Settings Dialog Box ViewPoint Date Range Selector E 3 SONICWALL IMay 11 2004 May 5 2004 __ May 4 2004 May 3 2004 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing VPN Usage by Policy The VPN Usage by Policy report contains information on VPN usage for a SonicWALL appliance organized by policy To view the VPN Usage by Policy report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the VPN Usage tree and click By Policy The By Policy page appears Figure 104 102 SonicWALL ViewPoint User s Guide Figure 104 By Policy Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD Pear rons Que O 2 SGD Address https 4 10 0 14 156 sgms auth Search web go PageRank Eh e47 blocked E autor E Fa Options A svidfwoo By Policy user Top Policies for Jun
176. rusions number of intrusion attempts e of Intrusions percentage of this type of intrusion compared to all other intrusion types For example if 5 000 intrusion attempts occurred during the day and Web IIS attempts makes up 3 000 of the intrusion attempts its of Intrusions field will display 60 7 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top categories To change these settings click Settings The Report Settings dialog box appears Figure 135 Figure 135 Report Settings Dialog Box Z ViewPoint Settings Microsof REI SONICWALL Report Display Settings Thu Fri Sat 4 6 11 12 f3 is 19 20 25 26 27 8 Select the number of categories that will be displayed from the Number of Categories list box 9 Select the type of chart from the Chart Type list box 10 Select the year month and day that you would like to view Viewing Reports 127 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Top Intrusions by Priority The By Priority report displays the types of intrustions that occurred on the specified date ranked by Priority To view the By Priority report follow these steps l 7 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 4 Expand the Intrusion P
177. s For example if 1000 megabytes of data was transferred during the period and 200 megabytes was transferred by the top user the of MBytes field will display 20 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 61 Figure 61 Report Settings Dialog Box ViewPoint Date Range Selector R SONICWALL 8 Select whether to display a chart and table or a table only 66 SonicWALL ViewPoint User s Guide 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Bandwidth Usage By User Over Time The By User Over Time report displays a list of all users their top sites the number of hits to each site and the amount of data transferred for the specified time period To view the By User Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Usage tree and click By User Over Time The By User Over Time page appears Figure 62 Figure 62 By User Ove
178. se settings will stay in effect for all similar reports during your active login session Sources Over Time The Source Over Time report displays the number of attacks from each major source during the specified time period To view the Sources Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the Attacks tree and click Sources Over Time The Sources Over Time page appears Figure 124 Figure 124 Sources Over Time Page File Edit View Favorites Tools Help a E N O O NADO kans G O LADA Address https 10 0 14 158 sgms auth x Eao ink Google v BPsearch web go PageRank Kh 847 blocked E auton E Ea options A ii MyReportsView p a 2 O ogo P pem gateway sonicwall com N MyGateway MyTzw i 004 to June 00 settings TEA im svIOfWOD i 5 Oc aa E g E T fee el ac aS E E S Se a eh 3 g g a E 10 0 15 92 45 72 8 Destination Attacks of Attacks 10 0 255 255 45 726 2 10 0 15 98 15 24 2 ddorosin 7176 sv us sonicwall com 1 1e lt i al 4 Aasai 1 1 8 0 A O e Po a m Internet 5 The bar graph displays the number of attacks attempted each day of the specified time period To view source and destination information on the individual attacks expand the source tree
179. sqmsjauth Google Search Web J PageRank Eh site popups allowed E autoril O fed options 2 Organizational Unit View Reports Wireless Search user bruceg Logout i Engineering p m PRO 4060 jot 72 170 Enhanced i mt Wireless ae Marketing L am TZ 70 Standard Sales Eco inks a a Log Search Results for June 5 2004 00 00 00 to June 6 2004 23 59 59 Message ategory Connections Displaying records 1 500 of 11555 Boog TIME Ci DESTINATION PROTOCOL Src Port Dst Port Src Int 06 06 2004 17 54 37 10 50 163 130 216 148 227 68 udp dns 2275 53 LAN 06 06 2004 17 54 01 10 50 163 130 206 204 187 25 tepihttp 4680 80 LAN ao G 06 06 2004 17 53 52 10 50 163 129 192 168 168 10 udp 161 162 LAN 06 06 2004 17 53 50 10 50 163 130 206 204 187 25 tepihttp 4680 80 LAN 06 06 2004 17 50 58 68 228 74 107 10 50 163 130 tephttp 1362 80 WAN 06 06 2004 17 68 228 74 107 10 50 163 130 tepihttp 1361 80 WAN 06 06 2004 17 10 50 163 130 216 148 227 68 udp dns 2275 53 LAN 06 06 2004 17 49 36 68 228 74 107 10 50 163 130 tepihttp 1362 80 WAN a 06 06 2004 17 49 36 68 228 74 107 10 50 163 130 topihttp 1361 80 WAN 06 06 2004 17 49 01 10 50 163 130 69 25 36 101 tepihttp 4679 80 LAN 06 06 2004 17 48 49 10 50 163 130 69 25 38 101 topihttp 4679 80 LAN 06406 2004 17 44 37 10 50 163 130 216 148 227 68 udpicins 2275 53 LAN 06 06 2004 17 44 01 10 50 163 130 128 121 256 136 tepi
180. starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Bandwidth Reports Bandwidth reports display the amount of data transferred through one or more selected SonicWALL appliances Bandwidth reports are an ideal starting point for viewing overall bandwidth usage You can view bandwidth usage view by the hour day or over a period of days Additionally you can view the top users of bandwidth From this information you can determine network strategies For example if you need more bandwidth you might need to upgrade network equipment or you might simply need to curtail the bandwidth usage of a few employees Note All reports appear in the Firewalls time zone Select from the following To view a summary of the daily bandwidth usage see Viewing the Bandwidth Summary Report on page 42 To view bandwidth usage in real time see Monitoring Bandwidth Usage in Real Time on page 44 To view the users who consume the most bandwidth see Viewing the Top Users of Bandwidth on page 44 To view bandwidth usage over a period of time see Viewing Bandwidth Usage Over Time on page 46 To view the users who consume the most bandwidth over time see Viewing the Top Users of Bandwidth Over Time on page 48
181. t Client Challenge response timeout ULA Host RADIUS Timeout Ravlin Host Challenge response timeout ISAKMP aborted Client RADIUS Timeout Ravlin Soft Client RADIUS Sent Request to AAA Server Sent RADIUS ACCESS_REQUEST Auth Server RADIUS Received Access Rejected from AAA Server Received RADIUS ACCESS REJECT Auth Server RADIUS Received Challenge from AAA Server Received RADIUS ACCESS_CHALLENGE Auth Server Failed to Authenticate Client RADIUS Failed to Authenticate Client Authentication server does not exist RADIUS Cannot connect to Authentication Server Authentication server timeout RADIUS AAA Server timeout Received SNMP packet with bad checksum from SNMP Possible intrusion Checksum error in command channel from AH ESP Anti Replay Update Failed Non Initialized or Wrapped SEQNUM VPN FW Anti Replay Update Failed AH ESP Anti Replay Check Failed Last Current SEQNUM VPN FW Anti Replay Check Failed Sequence Number Last Current AH ESP Tunnel Decapsulation Check Failed Bad Inner IP or ESP Hdrs VPN FW Decapsulation Check Failed Bad IP and or Header AH ESP Anti Replay Check Failed SEQNUM is zero VPN FW Anti Replay Check Failed Sequence Number is zero AH ESP Authentication HMAC Hash Verification Failed Peer VPN FW HMAC Hash Verificatio
182. t Date Range Selector E El SONICWALL 8 Select whether to display a chart and table or a table only 86 SonicWALL ViewPoint User s Guide 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Users of FTP Bandwidth Over Time The Top Users Over Time report displays the users who used the most FTP bandwidth for the specified time period To view the Top Users Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the FTP Usage tree and click Top Users Over Time The Top Users Over Time page appears Figure 86 Figure 86 Top Users Over Time Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q h AQ Pear grons Que O A BUDA Address https 10 0 14 158 sgms auth svidfwo0 Top Users Over Time user admin FTP Activity from June 22 2004 to June 27 2004 onono ooonoonon 1103 498 210 007 1219 396 455 38 9 442 13 249 3010
183. t Logout pe gateway sonicwall com lll MyGateway pool MyTzw Soll svIOfWOD Summary Monitor o 4 Min Ago 3 Min Ago 2 Min Ago Elapsed Time SONICWALL SonicWALL ViewPoint Internet 5 The Services Monitor shows the amount of data transferred for each service during each sampling period for the last five minutes The sampling period is 15 seconds 50 SonicWALL ViewPoint User s Guide Viewing the Services Summary Report The Services Summary report displays the amount of traffic handled by each service during each hour of the speci fied day To view the Services Summary report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Services tree and click Summary The Summary page appears Figure 43 Figure 43 Summary Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AD Asan rons Que O O CaWIOLE Address hetps 10 0 14 158 sqmsfauth GS Search web go PageRank Fh e47 blocked E autori E fal options A eport gateway sonicwall com Summary user Summary of Services for June 27 2004 oono Ba og ag onicWALL ViewPoint 5 The bar graph displays the amount of bandwidth used by each service during each hour of the day 6 The table contains the following information e Protocol the service e KBytes number of kilobytes e Even
184. t from the Chart Type list box 10 Select the year month and day that you would like to view 11 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing Mail Usage Over Time The Mail Usage Over Time report displays the daily amount of mail handled by a SonicWALL appliance or group of SonicWALL appliances for the specified time period To view the Mail Usage Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select the global icon a group or a SonicWALL appliance 4 Expand the Mail Usage tree and click Over Time The Over Time page appears Figure 92 92 SonicWALL ViewPoint User s Guide Figure 92 Over Time Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q e A E Power Jeroe Qua O 2 SRIOSE Address https 4 10 0 14 156 sgms auth Search web go PageRank Eh e47 blocked E autori E fal Options A MyReportsView al svidfwo0 Over Time user admin lll gateway sonicwall com Mail Usage from June 22 2004 to June 27 2004 BOHeneo Beoge o a SONICWALL i SonicWALL ViewPoint 5 The bar graph displays the amount of mail sent and received during each day of the specified time period 6 The table contains the following information
185. t from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Blocked Site Users Over Time The Web Filter Top Users Over Time report displays the users who made the most attempts to access blocked sites during the specified time period To view the Top Users Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Filter tree and click Top Users Over Time The Top Users Over Time page appears Figure 76 78 SonicWALL ViewPoint User s Guide Figure 76 Top Users Over Time Page SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help a O O AG Poe Rroms Pun O B EBW OLE Address https 10 0 14 158 sqmsfauth Eeo im search web ge PeseRank Eh 847 blocked E autori E Pa Options all gateway sonicwall com Top Users Over Time user admin Logout a Top Filtered Web Users from June 22 2004 to June 27 2004 ono Users Custom List oooonnaoon svi0dc00 sv us sonicwa
186. t the bottom of the SonicWALL ViewPoint UI 3 Expand the User Settings tree and click General The General page appears Figure 19 Status Page Z SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Qa x A CD Peach Se ravortes Aua O 2 SSUDA Address B https 10 0 14 158 sgmsjauth E i Bo Links Google v Psearch web go PageRank Dh 847 blocked E 4 O Faotions i MyReportsview Console Panel General user admin Logout Hemm gateway sonicwall com 5 MyGateway 5 Old ViewPoint Password MyTzw General Lam sviofwo0 Reports New ViewPoint Password Confirm New Password ViewPoint Inactivity Timeout 120 minutes update j _reset_ SONICWALL enel SonicWALL ViewPoint Enter the current ViewPoint password in the Old ViewPoint Password field Enter the new ViewPoint password in the New ViewPoint Password field Reenter the new ViewPoint password in the Confirm ViewPoint Password field na wf The ViewPoint Inactivity Timeout period specifies how long SonicWALL ViewPoint waits before logging out an inactive user To prevent someone from accessing the SonicWALL ViewPoint UI when SonicWALL View Point users are away from their desks enter an appropriate value in the ViewPoint Inactivity Timeout field default 5 minutes Note This field can be set to a maximum of 32767 minutes 8 When you are finished click Update The password is changed To clear all screen s
187. tch ISAKMP SA delete msg for a different SA IKE Request to delete IPSEC SA invalid Invalid IPSEC SA delete message IKE Request to delete SA has unknown protocol Unknown protocol in delete message Dropped duplicate ISAKMP packet IKE Duplicate IKE Packet discarded IKE Authentication rekey set to seconds Phase I rekey IPSEC Session rekey set to seconds Phase II rekey IKE Received ISAKMP packet with bad length Peer Received ISAKMP packet with bad length Peer 167 168 IKE Restart IKE after ESP decap Peer gateway Restart ISAKMP after ESP decap Peer gateway IKE Received IKE SA delete request Peer Received ISAKMP SA delete request Peer IKE Received IPSEC SA delete request Peer Received IPSEC SA delete request Peer IKE Restart IKE after ESP decap Peer host Restart ISAKMP after ESP decap Peer host CONFIG Check preshared keys Unable to compute shared secret Host Virtual IP does not match Inner Source IP VIP Sre IP VPN FW Decrypted Source IP does not match Expected Actual Host Destination address does not match local protected networks VPN FW Decrypted Destination IP does not match policy Gateway Source or destination address failed filter Src Dst Port VPN FW Received packet does not match policy Sre Dst Intf ULA enabled PDE
188. te Micro ies Mon Tue Wed Thu Fri 3 4 5 6 10 11 12 13 17 18 19 20 31 8 Select the type of chart to display from the View Settings area 24 25 26 27 9 Select the year month and day that you would like to view Viewing Reports 55 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Viewing the Top Web Sites The Top Sites report displays the web sites that used the most HTTP bandwidth on the specified date To view the Top Sites report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the Web Usage tree and click Top Sites The Top Sites page appears Figure 48 Figure 48 Top Sites Page F SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Q O h AQ Peach Krons Que O A SDA Address https 10 0 14 158 sams auth gateway sonicwall com Top Sites user Top Visited Web Sites for June 27 2004 oon Site licensemanager sonic software sonicwall c Total ooon eo Report produced for timezone Pacific Time US amp Canada SONICWALL Panel Pa SonicWALL ViewPoint 5 The pie chart displays the percentage of bandwidth used to access the top sites 6 The table contains the following information e Site URL or I
189. ternal error Multiple PDE s for same Peer exceeded limit SYSTEM ERROR Multiple PDE s for same Peer exceeded limit AUDIT Publisher registered for event audit messages Publisher registered for event audit messages AUDIT Deallocation of event publisher context failed Deallocation of event publisher context failed AUDIT Event publisher deregistered Event publisher deregistered AUDIT Publisher deregistration failed Publisher deregistration failed Random Number Generator Fault SYSTEM POST Random Number Generator Fault SYSTEM POST All subsystems test OK System Ready SYSTEM POST Ethernet test failed SYSTEM POST Crypto test failed SYSTEM POST BRAM test failed SYSTEM POST UART test failed SYSTEM POST Real Time Clock test failed SYSTEM POST Ethernet initialization failed SYSTEM POST Out of memory SYSTEM POST Critical BRAM version unrecognized SYSTEM POST Receive buffer unavailable on local interface 169 SYSTEM POST Receive buffer unavailable on remote interface SYSTEM POST No frames available for local interface GetFrame failed SYSTEM POST No frames available for remote interface GetFrame failed SYSTEM POST Interface 0 stopped transmitting due to an abnormal interrupt SYSTEM POST Interface 1 stopped transmitting due to a
190. the Top Users report follow these steps Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 4 1 Select a SonicWALL appliance Expand the Web Usage tree and click Top Users The Top Users page appears Figure 50 Viewing Reports 57 Figure 50 Top Users Page i SonicWALL ViewPoint Microsoft Internet Explorer File Edit View Favorites Tools Help Ox BOD Pwr erns Que O A SEWIOLE Address https 4 10 0 14 156 sgms auth PageRank Eh 947 blocked f Autori E fal Options 9 gateway sonicwall com Top Users user Logout Top Users of Web for June 27 2004 settings J cg eae ae a PCC ees KENTE WA oonononon ooo SONICWALL Elone Internet 5 The pie chart displays the percentage of bandwidth transferred by each of the top users 6 The table contains the following information e Users the IP address of the user Hits number of hits e MBytes number of megabytes transferred e of MBytes percentage of megabytes transferred by this user compared to all users For example if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the top user the of MBytes field will display 20 7 By default SonicWALL ViewPoint shows today s report a pie chart and the ten top users To change these set tings click Settings The Report Settings dialog box appears Figure 51 58 SonicWALL ViewPoint User s Guide Figure 5
191. the following To view a summary of the daily web bandwidth usage see Viewing the Web Usage Summary Report on page 54 To view a list of the top visited sites see Viewing the Top Web Sites on page 56 To view the users who consume the most web bandwidth see Viewing the Top Users of Web Bandwidth on page 57 To view the top sites visited by each user see Viewing Web Usage by User on page 59 To view the top sites and the users who visited the sites see Viewing Web Usage by Site on page 61 To view web bandwidth usage over a period of time see Viewing Web Usage Over Time on page 62 To view a list of the top visited sites over time see Viewing Top Sites Over Time on page 64 To view the users who consume the most web bandwidth over time see Viewing Top Users Over Time on page 65 To view the sites that consume the most web bandwidth over time see Viewing Top Sites Over Time on page 64 To view the top sites visited by each user over time see Viewing Bandwidth Usage By User Over Time on page 67 Viewing the Web Usage Summary Report The Web Usage Summary report contains information on the amount of HTTP bandwidth handled by a SonicWALL appliance or group of SonicWALL appliances during each hour of the specified day To view the Web Usage Summary report follow these steps 1 2 3 Start and log into SonicWALL ViewPoint Click the Reports tab Select the global
192. tion and or in other SonicWALL provided materials Any supplemental software code pro vided to you as part of the Support Services shall be considered part of the SOFTWARE PRODUCT and subject to terms and conditions of this SLA With respect to technical information you provide to SonicWALL as part of the Support Services SonicWALL may use such information for its business purposes including for product support and development SonicWALL shall not utilize such technical information in a form that identifies its source OWNERSHIP As between the parties SonicWALL retains all title to ownership of and all proprietary rights with respect to the SOFTWARE PRODUCT including but not limited to any images photographs animations video audio music text and applets incorporated into the SOFTWARE PRODUCT the accompanying printed materials and any copies of the SOFTWARE PRODUCT The SOFTWARE PRODUCT is protected by copyrights laws and interna tional treaty provisions The SOFTWARE PRODUCT is licensed not sold This SLA does not convey to you an interest in or to the SOFTWARE PRODUCT but only a limited right of use revocable in accordance with the terms of this SLA U S GOVERNMENT RESTRICTED RIGHTS If you are acquiring the Software including accompanying documentation on behalf of the U S Government the following provisions apply If the Software is supplied to the Department of Defense DoD the Software is sub ject to Restrict
193. ts number of events or hits e of Events percentage of events transferred by this service on the selected day compared to all other services For example if 10 000 events occurred during the day and 9 000 of the events were handled by the HTTP service the of Events field will display 90 7 SonicWALL ViewPoint shows today s report To change report settings click Settings The Report Settings dialog box appears Figure 44 Viewing Reports 51 Figure 44 Report Settings Dialog Box a Report Settings Micro a SONICWALL Report Display Settings Select Report Date Sun Mon Tue Wed Thu Fri 3 4 5 6 7 10 11 12 13 114 k 17 18 19 20 21 24 26 27 28 8 Select the type of chart to display from the View Settings area 9 Select the year month and day that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Adding a Service SonicWALL ViewPoint can monitor known services or custom services To add a service that will be displayed in all future service reports follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Console tab 3 Expand the Reports tree and click Services The Services page appears Figure 45 52 SonicWALL ViewPoint User s Guide Figure 45 Services Page F SonicWALL ViewPoint
194. umber of attempts to access blocked web sites e of Attempts percentage of attempts to access the blocked site on the day compared to the time period For example if 5 000 attempts were made during the time period and 500 were made on one day its of Attempts field will display 10 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 73 Figure 73 Report Settings Dialog Box ViewPoint Date Range Selector X SONICWALL 8 Select whether to display a chart and table or a table only 76 SonicWALL ViewPoint User s Guide 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Blocked Site Attempts Over Time The Top Sites Over Time report displays the top blocked web sites for the specified time period To view the Web Filter Over Time report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 4 Expand the Web Filter tree and click Top Sites Over Time The Top Sites Over Time
195. usions by Destination Over Time Sources Over Time Top Intrusions Over Time Viewing Authentication Reports Viewing the User Login Report Viewing the Administrator Login Report Viewing the Failed Login Report Viewing the Log Viewing the Log for a SonicWALL Appliance Chapter 5 Scheduling SonicWALL ViewPoint Scheduling a Daily Report Scheduling a Weekly or Monthly Report Uninstalling the ViewPoint Web Server from the DOS Prompt Changing the ViewPoint Web Server Port Number Changing the SonicWALL ViewPoint IP Address Changing the Default Syslog Server Port Number The sgmsConfig xml File The SonicWALL ViewPoint Log Files Encrypting the sgmsConfig xml File Encrypted Data in the sgmsConfig xml File Resetting the Admin Password Copying Pasting into SonicWALL ViewPoint User Interface Using the Import Feature from Applet Securing Access to the ViewPoint Web Server Creating a Keystore with a Valid Test Certificate Creating a Secure Website Securely Accessing SonicWALL ViewPoint Customizing Reports Report File Elements 126 128 129 131 132 134 136 136 137 139 141 141 143 144 146 149 149 149 149 150 150 151 151 151 151 152 152 152 152 153 155 157 10 SonicWALL ViewPoint User s Guide CHAPTER 1 Introducing SonicWALL ViewPoint SonicWALL ViewPoint is a browser based software application that creates dynamic web based network reports With SonicWALL ViewPoint you can monitor network access enhance security
196. y compared to all other policies for the period For example if a total of 100 000 megabytes was transferred and 3 000 megabytes was transferred for one policy the of Usage field will display 3 7 To change the date range of the report click Settings The Reporting Date Range Selector dialog box appears Figure 107 104 SonicWALL ViewPoint User s Guide Figure 107 Report Settings Dialog Box ViewPoint Date Range Selector X SONICWALL May 11 2004 May 10 2004 8 Select whether to display a chart and table or a table only 9 Select from the following e To select a period of time before the last summarization enter the number of days to view before the last summarization e To view a specific date range select the starting and ending dates that you would like to view 10 When you are finished click Close SonicWALL ViewPoint displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Hourly VPN Usage by Policy The VPN Usage by Policy Hourly report contains information on hourly VPN usage for a SonicWALL appliance organized by policy To view the VPN Usage by Policy Hourly report follow these steps 1 Start and log into SonicWALL ViewPoint 2 Click the Reports tab 3 Select a SonicWALL appliance 4 Expand the VPN Usage tree and click By Policy Hourly The By Policy Hourly page appears Fi
Download Pdf Manuals
Related Search